How to block the proxy websites

i have blocked url's in my router, but users are accessing the websites via proxy sites, how can i block proxy in my cisco 1841 Router & ASA.
Ajeet KumarIT ManagerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Wilder_AdminCommented:
there are only two options to solve

1.) use a third party tool for URL Filtering
2.) Denay https-traffic

SO in my opinion the first solution is the right one.

Why? its impossible for the asa or the router to know all proxy sites or tools. And you do not have time to scan the network for these all the time. So you need url blacklists where the urls are categorized for you.
0
tbrent77Commented:
There really is no way to effectively block proxy sites as their urls are many and vast and also change a lot.  Blocking https won't work either because its required by some sites and some proxies don't use it.

You can try blocking the most common sites.  You might also look into a calyptix access enforcer as your network lead router.  This product has filtered lists you pay by subscription and it may contain proxies.  Call them first.  ps. I do not get paid by the calyptix company for this information.  I have installed one and it works quite well.  Good Luck
0
Ajeet KumarIT ManagerAuthor Commented:
what is the solution to block the proxy websites, there must be someway, how can i block all these proxies via asa firewall
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

Loki555Commented:
If you have an Windows Network I would guess to disable the proxy settings in the client browser settings over GPO.
With additional .adm file it´s also possible for firefox.
If you are using a proxy in your network to access internet you can deploy our proxy, disable the settings.
In your firewall only accept requests from the proxy not from the client.
0
Ajeet KumarIT ManagerAuthor Commented:
is there any way, so that i can block proxy sites through cisco ASA firewall ?
0
tbrent77Commented:
Proxy url's are many and change a lot.  You can blacklist many of them but you simply can't get them all.  They change their urls and as such, your blacklist must change too.  Disabling proxy settings in a browser will not work either.

The only thing I could suggest at this point, is to split your network into groups and setup 'white-list only' routing for the group that is causing trouble.  That is, white-list the only places they should be allowed to go and block all others.  It is a work environment and surfing is not a company activity for most.  I have implemented this type of policy in the past.  When they complain, say it is company policy to enforce rules about where you go on the internet.  It's for safety and facebook and other sites are a security risk.  You won't make many friends, but  it does work as they cannot get to any proxy site to use it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.