Users bypassing bluecoat proxy

Posted on 2013-06-25
Medium Priority
Last Modified: 2016-11-28
I have a Bluecoat proxy in my network and users are bypassing the proxy by using Hotspot Shield or UltraSurf and other software of this kind. How can I stop them from bypassing the Bluecoat proxy?
Question by:Muhammad_Ashfaq
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39276787
It's a never ending game of cat and mouse

Start by limiting DNS leaving the WAN and force your own servers. Then you can block sites. Unless you have a Meraki or some other layer 7 appliance...
LVL 65

Assisted Solution

btan earned 750 total points
ID: 39276959
No foolproof way unless the machine is locked down and controlled, but that can have a ripple effect... there is, but it is far easier to alter his machine; otherwise it involves forcing all router traffic through a proxy and TACACS server using RADIUS to lock it all down, and even then, if he is determined, it's possible to get a few packets through before clamping happens, setting up the VPN anyway.
Change his account abilities, add CCProxy to his machine and use a good monitoring program.

Ideally, blocking UDP outbound may seem OK, but there are other possible HTTP proxies as well, and of course those should be blocked from being reached in the first place. I have even seen some doing SSL proxying to break and block those outbound traffic requests. The key is to make sure traffic goes through your proxy first.
LVL 65

Expert Comment

ID: 39276965
Also, proxy setting lockdown is enforced on managed client machines together with application control and no admin rights, even singling out the use of one specific browser only.
LVL 38

Expert Comment

by:Rich Rumble
ID: 39277668
Use WCCP to force them through the proxy, and block outgoing destination ports for the user subnets so they can't use services on non-standard ports or VPN services.
Most importantly, have a policy that they are aware of that tells them they can be disciplined for such actions.
LVL 17

Expert Comment

ID: 39277955
We have disabled users from installing software in our domain. That does the trick. If Windows group policy is properly designed, users can only do what you want. They cannot even change the proxy IP in Internet Explorer.

Windows domain has enough power to stop users, only we never learn/implement it properly.
LVL 38

Accepted Solution

Rich Rumble earned 750 total points
ID: 39277999
Removal of rights isn't enough; our users can RDP home or use an HTTPS VPN to bypass unless we block at the network level and force the use of the proxy. Users can still "install" Firefox on their desktop w/o admin rights; the only limitation is they can't install to C:\program files or set FF as the default browser. The same goes for Chrome, so they can fully bypass the proxy if they want to. There are "portable" exes users can DL that don't even go through an MSI or other process if they want. You have to block at the network level, or force them through the proxy in some way.
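An added example, not part of the original thread: a small audit script that reads firewall egress logs and lists user-subnet clients whose traffic did not go through the proxy or the internal DNS servers, which is the network-level check the DNS and port-blocking answers above depend on. The subnets, proxy and DNS addresses, and the log format are assumptions; the log lines are constructed.

```python
import ipaddress

# Assumed site values (hypothetical, not taken from the thread).
USER_NETS = [ipaddress.ip_network("10.20.0.0/16")]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PROXY = ipaddress.ip_address("10.1.1.10")
APPROVED_DNS = {ipaddress.ip_address("10.1.1.53")}

# Constructed sample log. Assumed format: time src dst proto dport action
SAMPLE_LOG = """\
09:00:01 10.20.4.17 10.1.1.10 tcp 8080 allow
09:00:02 10.20.4.17 10.1.1.53 udp 53 allow
09:00:05 10.20.9.33 192.0.2.53 udp 53 allow
09:00:07 10.20.9.33 203.0.113.45 tcp 443 allow
09:00:09 10.20.9.33 203.0.113.45 udp 1194 allow
09:00:11 10.20.7.2 198.51.100.9 tcp 3389 deny
09:00:12 10.1.1.10 203.0.113.80 tcp 443 allow
"""

def classify(line):
    """Return (src, reason, action) for a flow that avoids the proxy, else None."""
    _, src, dst, proto, dport, action = line.split()
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(src in net for net in USER_NETS):
        return None  # the proxy and servers are expected to egress directly
    if int(dport) == 53:
        # Clients should only ever query the approved resolvers.
        return None if dst in APPROVED_DNS else (str(src), "unapproved-dns", action)
    if dst == PROXY or dst in INTERNAL:
        return None  # proxied or purely internal traffic
    return (str(src), f"direct-{proto}/{dport}", action)

def bypass_report(log_text):
    """Group findings per client, keeping the firewall action for each flow."""
    report = {}
    for line in filter(str.strip, log_text.splitlines()):
        hit = classify(line)
        if hit:
            report.setdefault(hit[0], []).append(hit[1:])
    return report

def policy_gaps(report):
    """Clients with *allowed* direct flows: the egress rules need tightening."""
    return sorted(s for s, hits in report.items() if any(a == "allow" for _, a in hits))

if __name__ == "__main__":
    for client, hits in bypass_report(SAMPLE_LOG).items():
        print(client, hits)
```

Denied flows show who is attempting a bypass; allowed ones show where the firewall still lets user subnets reach the internet without the proxy.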
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39278173
You can't block everything. Deal with the root issue: why are people installing something to bypass your proxy?

Expert Comment

by:Prince Dhiman
ID: 41904662
If your machine has the Bluecoat agent installed, you can disable the Bluecoat agent temporarily using the commands below in cmd (run as administrator) if you have admin rights.

Run cmd as administrator
Net stop bcua-wfp                  [this service may not be visible in services.msc]
taskkill /im bcua-service.exe /f

After that, you can see the service status as down.

To start the service:
net start bcua-wfp
net start bcua

Question has a verified solution.