Solved

How to block the proxy websites

Posted on 2014-07-23
6
503 Views
Last Modified: 2014-08-23
i have blocked url's in my router, but users are accessing the websites via proxy sites, how can i block proxy in my cisco 1841 Router & ASA.
0
Comment
Question by:Ajeet Kumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40213677
there are only two options to solve

1.) use a third party tool for URL Filtering
2.) Denay https-traffic

SO in my opinion the first solution is the right one.

Why? its impossible for the asa or the router to know all proxy sites or tools. And you do not have time to scan the network for these all the time. So you need url blacklists where the urls are categorized for you.
0
 
LVL 3

Expert Comment

by:tbrent77
ID: 40217326
There really is no way to effectively block proxy sites as their urls are many and vast and also change a lot.  Blocking https won't work either because its required by some sites and some proxies don't use it.

You can try blocking the most common sites.  You might also look into a calyptix access enforcer as your network lead router.  This product has filtered lists you pay by subscription and it may contain proxies.  Call them first.  ps. I do not get paid by the calyptix company for this information.  I have installed one and it works quite well.  Good Luck
0
 

Author Comment

by:Ajeet Kumar
ID: 40249563
what is the solution to block the proxy websites, there must be someway, how can i block all these proxies via asa firewall
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 
LVL 1

Expert Comment

by:Loki555
ID: 40260201
If you have an Windows Network I would guess to disable the proxy settings in the client browser settings over GPO.
With additional .adm file it´s also possible for firefox.
If you are using a proxy in your network to access internet you can deploy our proxy, disable the settings.
In your firewall only accept requests from the proxy not from the client.
0
 

Author Comment

by:Ajeet Kumar
ID: 40267319
is there any way, so that i can block proxy sites through cisco ASA firewall ?
0
 
LVL 3

Accepted Solution

by:
tbrent77 earned 500 total points
ID: 40267783
Proxy url's are many and change a lot.  You can blacklist many of them but you simply can't get them all.  They change their urls and as such, your blacklist must change too.  Disabling proxy settings in a browser will not work either.

The only thing I could suggest at this point, is to split your network into groups and setup 'white-list only' routing for the group that is causing trouble.  That is, white-list the only places they should be allowed to go and block all others.  It is a work environment and surfing is not a company activity for most.  I have implemented this type of policy in the past.  When they complain, say it is company policy to enforce rules about where you go on the internet.  It's for safety and facebook and other sites are a security risk.  You won't make many friends, but  it does work as they cannot get to any proxy site to use it.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read about achieving the basic levels of HRIS security in the workplace.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question