Solved

How to block the proxy websites

Posted on 2014-07-23
6
408 Views
Last Modified: 2014-08-23
i have blocked url's in my router, but users are accessing the websites via proxy sites, how can i block proxy in my cisco 1841 Router & ASA.
0
Comment
Question by:Ajeet Kumar
6 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
Comment Utility
there are only two options to solve

1.) use a third party tool for URL Filtering
2.) Denay https-traffic

SO in my opinion the first solution is the right one.

Why? its impossible for the asa or the router to know all proxy sites or tools. And you do not have time to scan the network for these all the time. So you need url blacklists where the urls are categorized for you.
0
 
LVL 3

Expert Comment

by:tbrent77
Comment Utility
There really is no way to effectively block proxy sites as their urls are many and vast and also change a lot.  Blocking https won't work either because its required by some sites and some proxies don't use it.

You can try blocking the most common sites.  You might also look into a calyptix access enforcer as your network lead router.  This product has filtered lists you pay by subscription and it may contain proxies.  Call them first.  ps. I do not get paid by the calyptix company for this information.  I have installed one and it works quite well.  Good Luck
0
 

Author Comment

by:Ajeet Kumar
Comment Utility
what is the solution to block the proxy websites, there must be someway, how can i block all these proxies via asa firewall
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Expert Comment

by:Loki555
Comment Utility
If you have an Windows Network I would guess to disable the proxy settings in the client browser settings over GPO.
With additional .adm file it´s also possible for firefox.
If you are using a proxy in your network to access internet you can deploy our proxy, disable the settings.
In your firewall only accept requests from the proxy not from the client.
0
 

Author Comment

by:Ajeet Kumar
Comment Utility
is there any way, so that i can block proxy sites through cisco ASA firewall ?
0
 
LVL 3

Accepted Solution

by:
tbrent77 earned 500 total points
Comment Utility
Proxy url's are many and change a lot.  You can blacklist many of them but you simply can't get them all.  They change their urls and as such, your blacklist must change too.  Disabling proxy settings in a browser will not work either.

The only thing I could suggest at this point, is to split your network into groups and setup 'white-list only' routing for the group that is causing trouble.  That is, white-list the only places they should be allowed to go and block all others.  It is a work environment and surfing is not a company activity for most.  I have implemented this type of policy in the past.  When they complain, say it is company policy to enforce rules about where you go on the internet.  It's for safety and facebook and other sites are a security risk.  You won't make many friends, but  it does work as they cannot get to any proxy site to use it.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Join & Write a Comment

Is your computer hacked? learn how to detect and delete malware in your PC
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now