Hi ! We have Squid installed as transparent proxy, and it blocks certain web sites. However, I we have seen some users use public proxies like ninjaproxy in order to visit these sites. Is there any way to block public proxies along with those annoying sites? Thanks in advance for any suggestion(s) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 01 June 2007, Andrei Verovski (aka MacGuru) wrote:
Hi !
We have Squid installed as transparent proxy, and it blocks certain web sites. However, I we have seen some users use public proxies like ninjaproxy in order to visit these sites.
Is there any way to block public proxies along with those annoying sites?
Thanks in advance for any suggestion(s)
Probably not without content filtering on every machine on your network. You are engaged in a never ending battle when you try to block sites with a population of users who are older than 12, because there are so many ways around a blockage and so few tools at hand to do the job. You could try to add the entire /24 of these proxies to your firewall banned IP list, but be aware there are thousands of these popping up every day. China is in a similar battle, and their efforts are increasingly failing. -- _____________________________________ John Andersen -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andrei Verovski (aka MacGuru) wrote:
Hi !
We have Squid installed as transparent proxy, and it blocks certain web sites. However, I we have seen some users use public proxies like ninjaproxy in order to visit these sites.
Is there any way to block public proxies along with those annoying sites?
Thanks in advance for any suggestion(s)
The only way I can think of to get round this rather than have a blacklist of sites one cannot visit, is to have a whitelist of sites you can. Then instigate a policy of whitelisting sites on request. This is do-able for a business but problematic in an educational institution... Unfortunately the downside is that, a) this could be a lot of work and b) you will become as popular as the bubonic plague.... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGYp9/asN0sSnLmgIRAq/MAKC+Mo3+nEDXfuCcaRn2qVlP8GZlWgCeKV2B L17z8mE698cgnFx2yP+plvI= =jQhE -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Sat, 2 Jun 2007, Andrei Verovski (aka MacGuru) wrote:-
Hi !
We have Squid installed as transparent proxy, and it blocks certain web sites. However, I we have seen some users use public proxies like ninjaproxy in order to visit these sites.
My guess is that you're trying to stop users behind your firewall from accessing sites outside the firewall without using your proxy.
Is there any way to block public proxies along with those annoying sites?
The simplest way I can thing of would be to block the common proxy ports[0] on the firewall except where they originate from the official proxy. An alternative would be to additionally use port-forwarding of those same ports, as well as ports 80 and 443, and have all the traffic go through the proxy. The only problem with this is that, at some point, someone will find an open or public proxy on a different port, and then you get to add that port to your list. [0] 3128, 8080, 8088, and if you want to block SOCKS4/5, 1080 as well. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ RISCOS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit RISCOS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a4 32bit -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Andrei Verovski (aka MacGuru) -
David Bolt -
G T Smith -
John Andersen