How to block proxy sites?

Discussion in 'Newbie Lounge' started by .:HM:., Oct 10, 2008.

  1. .:HM:.

    .:HM:. New Member

    Joined:
    Dec 6, 2007
    Messages:
    925
    Hey guys,

    Would like to know how to block stupid proxy sites...

    for example:

    sneakmyass.in

    I block a certain website and they just keep using proxy sites to go back into, and if i do one, there will be a zillion more proxies out there.

    thanks
     
  2. flu!d

    flu!d Ubuntu Mate 16.04 LTS

    Joined:
    Jun 27, 2001
    Messages:
    10,689
    Set up a decent hardware firewall with content filtering.

    -Smoothwall with Dansguardian content filter.
    -PFSense with content filtering addon.
    -Untangle.

    The above systems can be set up on any x86 based PC with 2 or more NICs.

    Or you can go for a off the shelf solution like a Cyberguard firewall with the content filtering addon, but bear in mind that an off the shelf solution will cost upwards of $700.00 and won't nessecarily be any better than the open source solutions mentioned above.

    I use Smoothwall myself and it works a treat, I have also used PFSense, and it works well also. If you are new to open source firewalls I reccomend PFSense.
     
  3. CordlezToaster

    CordlezToaster Member

    Joined:
    Nov 3, 2006
    Messages:
    4,017
    Location:
    Melbourne
    if the perpetrators are smart they will just use https proxys "then they get really hard to block".

    If its for home then use the above mentioned.
    You could also write a script, rule to look for a particular string used in the proxy script and block it that way.

    Or if you can block phrases block the copyright messages in webpages because i think proxy sites still pass that info through(thats how we blocked them with sonar).

    ie, block Myspace Copyright 2008 etc.

    But at my work we use a bluecoat to do everything and it worls well.
     
  4. Whisper

    Whisper Member

    Joined:
    Jun 27, 2001
    Messages:
    8,297
    Location:
    Sydney
    Run your own proxy the browsers must use and block anything that tries to use anything else. :)
     
  5. The_Derro

    The_Derro Member

    Joined:
    Jul 15, 2001
    Messages:
    547
    Location:
    Sydney
    You could block Proxy style requests, which shouldn't impact 'normal' users but anyone using a proxy will usually be stuffed.

    The difference is in the HTTP request.

    A 'normal' http request will be:

    GET /blah/foo.html
    Host: www.example.org

    and then the rest of the HTTP headers.

    A proxy mode request will be:

    GET http://www.example.org/blah/foo.html

    HOW would you configure this though? No idea :) Your firewall/filter device would need to support the ability to do it.

    But, as mentioned by CordlezToaster, a HTTPS proxy will render this null and void :(
     
  6. CordlezToaster

    CordlezToaster Member

    Joined:
    Nov 3, 2006
    Messages:
    4,017
    Location:
    Melbourne
    With most https proxy sites none of them have paid for a trusted certificate so you can block non trusted certificate sites and only allow those who have paid for an ssl cert.
     
  7. .:HM:.

    .:HM:. New Member

    Joined:
    Dec 6, 2007
    Messages:
    925
    ok thanks guys

    Yeah, those HTTPS ones are damn annoying. :thumbdn:

    wait don't worry, figured it out :)

    Anyone want to help me how to use PFsense?
     
    Last edited: Oct 30, 2008
  8. .:HM:.

    .:HM:. New Member

    Joined:
    Dec 6, 2007
    Messages:
    925
    ok... what the hell, i dl the ISO and the MD5 file...

    And when i extract, it just comes out with all these folders that mean absolutely nothing....

    :paranoid: :rolleyes:
     
  9. .:HM:.

    .:HM:. New Member

    Joined:
    Dec 6, 2007
    Messages:
    925
    sigh guys..

    PFsense is so damn confusing to install..

    any help?
     
  10. Stiff

    Stiff Member

    Joined:
    Jan 21, 2003
    Messages:
    993
  11. neon_87

    neon_87 RIP

    Joined:
    Mar 6, 2005
    Messages:
    2,757
    Location:
    Melbourne
    We use MS ISA2004 at work, running on server 2003. Does the job nicely, but not cheap for regular users. We get it free through Vic DEECD
     
  12. DeXtOrAu

    DeXtOrAu Member

    Joined:
    Feb 9, 2008
    Messages:
    163
    Location:
    Adelaide (North)
    try netfox
     

Share This Page