LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Squid (Blocking tunneling sites) (https://www.linuxquestions.org/questions/linux-server-73/squid-blocking-tunneling-sites-540925/)

suhas! 03-27-2007 12:25 AM
Squid (Blocking tunneling sites)
 
Hi all,

Is there any way to block tunneling sites in squid.

We are using Squid server for quite a big network, there users are having access to all the sites except mails sites, jobs sites and porn sites. But users uses the tunneling sites which allows them to access any blocked sites easily. And to block every tunneling site is very tedious job as everyday new tunneling sites are emerging.

Also some users are using Proxy Bypassing Software. Do anyone have idea how to block Proxy Bypassing software?

Or any good idea about tightening Web access security in Squid, please suggest.


Thanks all.......

acid_kewpie 03-28-2007 01:28 PM
well squid addons like dansguardian and squidguard provide url blocklists for things like that, but it's not somethign meant to be so heavily done in squid itself.

a word of warning, google is about the bext website anonymizer around... you aren't going to block that ehh? (actually you could filter the url to watch for the google engligh to english translation strings...)

suhas! 03-29-2007 06:04 AM
Thanx friend,

I searched for squidguard on internet, and I got readymade updated list of all porn, proxy, email etc. domains.

I am going to use this block list, hope this works!

Still if any other way is there then let me know.


Thanks a lot... :)

drokmed 03-30-2007 02:29 PM
We're using dansguardian with squid to block sites with *naughty* content. However, there really isn't any way to block all email and proxy sites. Heck, budweiser.com offers free email accounts. Anyone can setup a linux server at their home to accept/tunnel/etc.

What we do is implement office policies, and inform the users that we log (true) every single web page they visit. Then later, if a manager suspects misconduct, we can always pull up a listing of all sites visited, and discipline from there.

I'm sure there are people who abuse our system, but they all will eventually be caught. We make public examples out of abusers. It keeps everyone else honest.

Fear works :)

acid_kewpie 03-30-2007 02:41 PM
this was a fairly interesting thread about http tunnel blocking... http://www.mail-archive.com/debian-f.../msg06958.html


All times are GMT -5. The time now is 06:31 PM.