[c-nsp] proxy anonymizer blocking

James Bensley jwbensley at gmail.com
Sun Jul 24 05:37:49 EDT 2011


On 24 July 2011 06:54, madunix at gmail.com <madunix at gmail.com> wrote:
> I am currently using a squid web filter to manage access to the
> Internet from office network beside ASA. I know anonymous proxies are
> hard to block because they are a constant moving target with new ones
> opening daily. My question is there away to test the headers of
> anonymous browsing and block it.

Its a tough one. At my last employer we rolled out squidGaurd along
side our squid deployments, then used two different black list
providers which updated daily (and you can use DNS BL now also if you
patch your v1.4 source).

Couple these options with word filtering in the URL (so we blocked any
URL with words that were found in a word list, that included words
like "proxy"). That way users could not go to anything like
"www.aproxy.com" nor could they use a search engine such as Google
because the URL becomes something like "www.google.com/q=open+proxy".
Together, this was all very effective for us.

-- 
James.
http://www.jamesbensley.co.cc/


More information about the cisco-nsp mailing list