This blog specifically speaks about locking proxy settings on Firefox web browser. This method will prevent the users from bypassing your network proxy/content filter. It has been a cumbersome task for System Admins/Security engineers to prevent the domain users in their organization from tampering with the proxy settings in Firefox browser as Mozilla Firefox is not a proprietary Microsoft software and thus cannot be centrally managed by the AD group policy, the GPO settings will not be pushed to the computers running Mozilla Firefox and users will have a field day having an option to bypass the network proxy.
Ideally to make this work, vendors like websense have articles wherein, they require you to download and push a non-proprietary, custom AD plugin which, might not go down well with experienced System Admins/security team.
The method that I have depicted here requires no additional third party tool or plugin to make this work.
To begin with, locate the Mozilla Firefox folder under “C:\Program Files (x86)\Mozilla Firefox”. It is a multi pronged process and you will need to ready 3 files which are basically script based configuration .cfg, .JS and .ini files.
Creating mozilla.cfg configuration file
Firstly, create a notepad file with the following script content-
// Set Firefox Default homepage
// Disable default browser check
// Disable application updates
// Disable the ‘know your rights’ button from displaying on first run
// Disable the request to send performance data from displaying
// Set the default proxy settings HTTP
lockPref(“network.proxy.no_proxies_on”, “localhost, 127.0.0.1”);
Please note that this script has 6 sub-parts in it, namely-
- Set Default homepage
- Disable Application updates
- Disable the ‘know your rights’ button from displaying on first run
- Disable the request to send performance data from displaying
- Set the default proxy settings HTTP
Please note that the syntax is very crucial here and any mismatch will render the configuration to not work. Once the script is pasted on the notepad file, save it as “mozilla.cfg” and place it under the parent directory “C:\Program Files (x86)\Mozilla Firefox”.
Creating “override.ini” file
The second step is to create the override.ini file to disregard the default Mozilla flow. You will have to again locate the override.ini file which will be in in a sub-directory within the parent directory “C:\Program Files (x86)\Mozilla Firefox\browser”.
Again use notepad to create/make changes to override.ini, the content of the file should be as such-
Save the file in the same sub-directory “C:\Program Files (x86)\Mozilla Firefox\browser” with a .ini extension.
Creating “local-settings.js” file
The “local-settings.js” file has to be created again using notepad and stored in “C:\Program Files (x86)\Mozilla Firefox\defaults\pref”. This is a java script which acts as a callout function for interlinking the 3 created files as it is not a structured program we are dealing with. The contents of the local-settings.js file are as shown below-
pref(“general.config.filename”, “mozilla.cfg”); pref(“general.config.obscure_value”, 0); pref(“browser.rights.3.shown”, true);
Once done, save it in “C:\Program Files (x86)\Mozilla Firefox\defaults\pref”.
Now you are ready to test it, close all instances of Firefox on the PC, log off and log back in as the user and test browsing on Firefox.
You can check the proxy settings by going to Firefox Menu>Options>Advanced>Network>Settings, you will see that the proxy settings will be grayed out and it will locked with your corporate proxy settings.
Now to push it to all users/computers in your organization, you can create a package in SCCM with the 3 files and push it to the entire domain.
Note: I tested this method on a Windows 7 professional SP1 machine with Mozilla Firefox version 40.0.3