Solved

How to block the proxy websites

Posted on 2014-07-23
6
455 Views
Last Modified: 2014-08-23
i have blocked url's in my router, but users are accessing the websites via proxy sites, how can i block proxy in my cisco 1841 Router & ASA.
0
Comment
Question by:Ajeet Kumar
6 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40213677
there are only two options to solve

1.) use a third party tool for URL Filtering
2.) Denay https-traffic

SO in my opinion the first solution is the right one.

Why? its impossible for the asa or the router to know all proxy sites or tools. And you do not have time to scan the network for these all the time. So you need url blacklists where the urls are categorized for you.
0
 
LVL 3

Expert Comment

by:tbrent77
ID: 40217326
There really is no way to effectively block proxy sites as their urls are many and vast and also change a lot.  Blocking https won't work either because its required by some sites and some proxies don't use it.

You can try blocking the most common sites.  You might also look into a calyptix access enforcer as your network lead router.  This product has filtered lists you pay by subscription and it may contain proxies.  Call them first.  ps. I do not get paid by the calyptix company for this information.  I have installed one and it works quite well.  Good Luck
0
 

Author Comment

by:Ajeet Kumar
ID: 40249563
what is the solution to block the proxy websites, there must be someway, how can i block all these proxies via asa firewall
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 
LVL 1

Expert Comment

by:Loki555
ID: 40260201
If you have an Windows Network I would guess to disable the proxy settings in the client browser settings over GPO.
With additional .adm file it´s also possible for firefox.
If you are using a proxy in your network to access internet you can deploy our proxy, disable the settings.
In your firewall only accept requests from the proxy not from the client.
0
 

Author Comment

by:Ajeet Kumar
ID: 40267319
is there any way, so that i can block proxy sites through cisco ASA firewall ?
0
 
LVL 3

Accepted Solution

by:
tbrent77 earned 500 total points
ID: 40267783
Proxy url's are many and change a lot.  You can blacklist many of them but you simply can't get them all.  They change their urls and as such, your blacklist must change too.  Disabling proxy settings in a browser will not work either.

The only thing I could suggest at this point, is to split your network into groups and setup 'white-list only' routing for the group that is causing trouble.  That is, white-list the only places they should be allowed to go and block all others.  It is a work environment and surfing is not a company activity for most.  I have implemented this type of policy in the past.  When they complain, say it is company policy to enforce rules about where you go on the internet.  It's for safety and facebook and other sites are a security risk.  You won't make many friends, but  it does work as they cannot get to any proxy site to use it.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question