sedatriza
asked on
microsoft proxy server v2.0
I use MS proxy server and it works fine. I know how to block sites using our firewall. But the socks proxy is more complicated. Users access sites not through HTTP but through TCP or UDP ports. How can I find out which ports they are using so I can block these using my firewall?
thanks
sed
ASKER
thanks for that.
Error in my original question: it's winsock and not socks.
I can see user activity in the winsock windows and can see these entries in the log files. But it does not tell me which port they are using. I could tighten things down and gradually release them. It would be handy to know what ports are being used.
thanks
sed
Oh yeah, if you are looking for the source port then MS Proxy doesn't log that (at least I'm 95% sure that it doesn't).
Users will access sites through ports. HTTP uses TCP port 80, SMTP TCP port 25, DNS lookups UDP port 53, etc...
Blocking websites through MS Proxy would be quite a time consuming task. Also, I believe you'd have to use the Proxy server as a firewall (i.e. have a direct connection to the net). If you do have a reasonable firewall in place, it'd be easier to restrict access using Global groups.
i.e. create groups called Web granted (ports 80 and 443 - HTTP and HTTPS), FTP granted (port 21), etc... and place users in these groups to allow them access. Then modify your firewall to allow the Proxy server outbound access to these services rather than individual machines.
This is a good way of bolting down internet access with minimal admin overhead. If a user requires, say, FTP access, simply place them in the relevant group.
If you want to block specific sites, I would look into a specific content filtering solution - some can be quite cheap if all you require is a URL database. It'll also save you a lot of work maintaining a list of blocked sites, especially as a lot of these questionable sites constantly change their DNS to get around filtering packages.
Administrative Action - Force Accepted.
SpideyMod
Community Support Moderator @Experts Exchange
Usually you'd let out ports 80 http, 443 https, 53 DNS, 25 SMTP, and let NOTHING in (unless you have internal servers, in which case identify the protocols they use and allow these through)