Solved

How to block the proxy websites

Posted on 2014-07-23
6
536 Views
Last Modified: 2014-08-23
i have blocked url's in my router, but users are accessing the websites via proxy sites, how can i block proxy in my cisco 1841 Router & ASA.
0
Comment
Question by:Ajeet Kumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40213677
there are only two options to solve

1.) use a third party tool for URL Filtering
2.) Denay https-traffic

SO in my opinion the first solution is the right one.

Why? its impossible for the asa or the router to know all proxy sites or tools. And you do not have time to scan the network for these all the time. So you need url blacklists where the urls are categorized for you.
0
 
LVL 3

Expert Comment

by:tbrent77
ID: 40217326
There really is no way to effectively block proxy sites as their urls are many and vast and also change a lot.  Blocking https won't work either because its required by some sites and some proxies don't use it.

You can try blocking the most common sites.  You might also look into a calyptix access enforcer as your network lead router.  This product has filtered lists you pay by subscription and it may contain proxies.  Call them first.  ps. I do not get paid by the calyptix company for this information.  I have installed one and it works quite well.  Good Luck
0
 

Author Comment

by:Ajeet Kumar
ID: 40249563
what is the solution to block the proxy websites, there must be someway, how can i block all these proxies via asa firewall
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 
LVL 1

Expert Comment

by:Loki555
ID: 40260201
If you have an Windows Network I would guess to disable the proxy settings in the client browser settings over GPO.
With additional .adm file it´s also possible for firefox.
If you are using a proxy in your network to access internet you can deploy our proxy, disable the settings.
In your firewall only accept requests from the proxy not from the client.
0
 

Author Comment

by:Ajeet Kumar
ID: 40267319
is there any way, so that i can block proxy sites through cisco ASA firewall ?
0
 
LVL 3

Accepted Solution

by:
tbrent77 earned 500 total points
ID: 40267783
Proxy url's are many and change a lot.  You can blacklist many of them but you simply can't get them all.  They change their urls and as such, your blacklist must change too.  Disabling proxy settings in a browser will not work either.

The only thing I could suggest at this point, is to split your network into groups and setup 'white-list only' routing for the group that is causing trouble.  That is, white-list the only places they should be allowed to go and block all others.  It is a work environment and surfing is not a company activity for most.  I have implemented this type of policy in the past.  When they complain, say it is company policy to enforce rules about where you go on the internet.  It's for safety and facebook and other sites are a security risk.  You won't make many friends, but  it does work as they cannot get to any proxy site to use it.
0

Featured Post

Are Your IoT Devices Out to Get You?

IoT business is booming, with manufacturers connecting any and every “thing” to the Internet. But as pressure grows to release new products faster and faster, we’re all left to wonder: is security a priority? Join our webinar on June 29th for the answer.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question