How to Lock Firefox browser proxy settings and prevent domain users from bypassing the Network proxy

This blog specifically speaks about locking proxy settings on Firefox web browser. This method will prevent the users from bypassing your network proxy/content filter. It has been a cumbersome task for System Admins/Security engineers to prevent the domain users in their organization from tampering with the proxy settings in Firefox browser as Mozilla Firefox is not a proprietary Microsoft software and thus cannot be centrally managed by the AD group policy, the GPO settings will not be pushed to the computers running Mozilla Firefox and users will have a field day having an option to bypass the network proxy.

Ideally to make this work, vendors like websense have articles wherein, they require you to download and push a non-proprietary, custom AD plugin which, might not go down well with experienced System Admins/security team.

The method that I have depicted here requires no additional third party tool or plugin to make this work.

To begin with, locate the Mozilla Firefox folder under “C:\Program Files (x86)\Mozilla Firefox”. It is a multi pronged process and you will need to ready 3 files which are basically script based configuration .cfg, .JS and .ini files.

Creating mozilla.cfg configuration file

Firstly, create a notepad file with the following script content-

// Set Firefox Default homepage
lockPref(“browser.startup.homepage”,”http://yourcompany.com/“);

// Disable default browser check
pref(“browser.shell.checkDefaultBrowser”, false);
pref(“browser.startup.homepage_override.mstone”, “ignore”);

// Disable application updates
pref(“app.update.enabled”, false);

// Disable the ‘know your rights’ button from displaying on first run
pref(“browser.rights.3.shown”, true);

// Disable the request to send performance data from displaying
pref(“toolkit.telemetry.prompted”, 2);
pref(“toolkit.telemetry.rejected”, true);

// Set the default proxy settings HTTP
lockPref(“network.proxy.http”, “proxy.company.org”);
lockPref(“network.proxy.http_port”,8080);
lockPref(“network.proxy.type”, 1);
lockPref(“network.proxy.no_proxies_on”, “localhost, 127.0.0.1”);
lockPref(“network.proxy.share_proxy_settings”, true);

Please note that this script has 6 sub-parts in it, namely-

  1. Set Default homepage
  2. Disable Application updates
  3. Disable the ‘know your rights’ button from displaying on first run
  4. Disable the request to send performance data from displaying
  5. Set the default proxy settings HTTP

Please note that the syntax is very crucial here and any mismatch will render the configuration to not work. Once the script is pasted on the notepad file, save it as “mozilla.cfg” and place it under the parent directory “C:\Program Files (x86)\Mozilla Firefox”.

mozill

Creating “override.ini” file

The second step is to create the override.ini file to disregard the default Mozilla flow. You will have to again locate the override.ini file which will be in in a sub-directory within the parent directory “C:\Program Files (x86)\Mozilla Firefox\browser”.

Again use notepad to create/make changes to override.ini, the content of the file should be as such-

[XRE]
EnableProfileMigrator=false

Save the file in the same sub-directory “C:\Program Files (x86)\Mozilla Firefox\browser” with a .ini extension.

override

 

Creating “local-settings.js” file

The “local-settings.js” file has to be created again using notepad and stored in “C:\Program Files (x86)\Mozilla Firefox\defaults\pref”. This is a java script which acts as a callout function for interlinking the 3 created files as it is not a structured program we are dealing with. The contents of the local-settings.js file are as shown below-

pref(“general.config.filename”, “mozilla.cfg”); pref(“general.config.obscure_value”, 0); pref(“browser.rights.3.shown”, true);

Once done, save it in “C:\Program Files (x86)\Mozilla Firefox\defaults\pref”.

local

Now you are ready to test it, close all instances of Firefox on the PC, log off and log back in as the user and test browsing on Firefox.

You can check the proxy settings by going to Firefox Menu>Options>Advanced>Network>Settings, you will see that the proxy settings will be grayed out and it will locked with your corporate proxy settings.

prox

 

Now to push it to all users/computers in your organization, you can create a package in SCCM with the 3 files and push it to the entire domain.

Note: I tested this method on a Windows 7 professional SP1 machine with Mozilla Firefox version 40.0.3

Advertisements

3 thoughts on “How to Lock Firefox browser proxy settings and prevent domain users from bypassing the Network proxy

  1. I’m at home trying to do the opposite. something keep turning the proxy on and my browser goes stip and doesn’t work right. I go back and turn the proxy off and then it works again. how can I lock this to NO PROXY.

    thank you.
    Gerald

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s