Using advproxy and ipcop to restrict web sites based on Windows login

Well, if the point of Advproxy is to pop up a prompt when people go to forbidden sites, no, that cannot be done without overhauling Advproxy.

It might be a better design to use one 'public' proxy that will simply drop all traffic to sites that are not publicly accessible, and one 'priviliged' proxy that requires a password for everything, but once that is provided pass everything.

That being said, I know zip about Advproxy...

Joachim

All I want to do is restrict users to a list of "approved" sites (about a dozen sites). Advproxy blocks these sites, but gives the user an opportunity to enter their Windows credentials - a "second chance" I guess. How would you do this with any other web proxy? I would think this is a problem with ANY proxy software.

I think you mean 'blocks other sites', no?

Either way, this is a *very* bad design. It encourages people to give out sensitive passwords to a device they cannot distinguish from a web site. Luring people to a website that also pops up an authentication dialog would yield a very large number of usernames/passwords.

I'd heartily recommend you to go with my public/priviliged proxy proposal, in my last post, which should be doable with pretty much any proxy server. Just run two instances...

Joachim

Thanks for responding. The reason why advproxy is prompting the users is because linked components of the web site are directing them to "banned" sites not on the list. Typically users do not get a prompt at all unless they're going to banned sites. I may want my users to go to microsoft.com, but I don't want them to go to msn.com. Users can get to the approved web site if they cancel the username/password prompt. Components of the web page may not show, but that's okay. Your solution is all or nothing. I'm trying to intelligently filter where the user can go - even when they get into "approved" sites.