Re: [squid-users] How to Block Anonymous Proxy Sites with Squid

From: Tim Bates <tin@dont-contact.us>
Date: Fri, 17 Aug 2007 11:34:48 +1000

Shekhar Gupta wrote:
> Can anyone let me know how to block anonymous proxy sites? Is there
> a way to block such things with keywords in Squid?
You mean websites that assist people in bypassing your rules?
I use 4 methods...
One: deny anything that has certain strings in the URL.
Two: deny known IP addresses I've gathered as I catch users using them.
Three: log URLs hosted on various Dynamic DNS sites. Checking through
these for any suspicious URLs allows me to add them to the list above.
Four: Block any HTTPS CONNECTs to URLs that are simply IP addresses.
Legitimate traffic should be using a domain name not an IP.

My rules look like this (these will not work without modification though):

# ACLs: URL path strings typical of CGI web proxies, known proxy IPs,
# dynamic DNS domains, and requests whose URL is only an IP address
acl killWebProxy urlpath_regex cgi-bin/nph-.*/
acl killWebProxy urlpath_regex nph-proxy\.cgi
acl killWebProxy urlpath_regex cgiproxy
acl killWebProxy urlpath_regex argh/nph-pwn\.pl
acl killWebProxyIP dst "/etc/squid/proxyips.txt"
acl dyndnsSites dstdomain "/etc/squid/dynamicDNS.txt"
acl ipdomain url_regex ^[0-9\.:]*$
# Logging: time, URL, Squid status, client IP, user name
logformat simpleLog %tl %ru %Ss %>a %ul
access_log /var/log/squid/webproxy-hits.log simpleLog killWebProxy
access_log /var/log/squid/webproxy-hits.log simpleLog killWebProxyIP
access_log /var/log/squid/webproxy-hits.log simpleLog CONNECT ipdomain
access_log /var/log/squid/dyndns-hits.log simpleLog dyndnsSites
# Custom error page shown when one of these ACLs causes a denial
deny_info ERR_ACCESS_DENIED_PROXY-BYPASS killWebProxy
deny_info ERR_ACCESS_DENIED_PROXY-BYPASS killWebProxyIP
deny_info ERR_ACCESS_DENIED_PROXY-BYPASS ipdomain
# Deny rules (dummyAuth and BlockedSites are not defined in this excerpt)
http_access deny dummyAuth killWebProxy
http_access deny dummyAuth killWebProxyIP
http_access deny dummyAuth BlockedSites

TB

Received on Thu Aug 16 2007 - 19:35:38 MDT
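
An added example, not part of the original post: a Python pass over the `simpleLog` output that does the review step of method three, listing hosts whose logged URLs match the post's `killWebProxy` path strings or its `ipdomain` expression, with the clients and users seen. The function names and sample lines are constructed, and `%tl` is assumed to render as `dd/Mon/yyyy:HH:MM:SS +zzzz`.

```python
import re
from urllib.parse import urlsplit

# Path patterns copied from the killWebProxy ACL in the post.
PROXY_PATHS = [re.compile(p) for p in (
    r"cgi-bin/nph-.*/", r"nph-proxy\.cgi", r"cgiproxy", r"argh/nph-pwn\.pl")]
# Same expression as the ipdomain ACL: only digits, dots and colons.
IP_ONLY = re.compile(r"^[0-9\.:]*$")

# Constructed sample lines in the post's format: %tl %ru %Ss %>a %ul
SAMPLE = """\
17/Aug/2007:09:12:01 +1000 http://home.example.net/cgi-bin/nph-proxy.cgi/000/http/x TCP_MISS 10.0.0.21 alice
17/Aug/2007:09:12:09 +1000 http://home.example.net/cgiproxy/index TCP_MISS 10.0.0.34 bob
17/Aug/2007:09:15:40 +1000 203.0.113.7:443 TCP_DENIED 10.0.0.21 alice
17/Aug/2007:09:16:02 +1000 http://cam.example.org/live.jpg TCP_HIT 10.0.0.50 carol
""".splitlines()

def parse_line(line):
    """Split one simpleLog line; %tl itself contains a space (time, zone)."""
    parts = line.split()
    if len(parts) != 6:
        return None  # truncated or foreign line, skip it
    day_time, zone, url, status, client, user = parts
    return {"time": f"{day_time} {zone}", "url": url, "status": status,
            "client": client, "user": user}

def classify(url):
    """Return why a logged URL deserves review, or None."""
    if IP_ONLY.match(url):
        return "ip-literal"  # e.g. a CONNECT target logged as ip:port
    # Approximates urlpath_regex by testing only the path of a full URL.
    if "://" in url and any(p.search(urlsplit(url).path) for p in PROXY_PATHS):
        return "proxy-path"
    return None

def review(lines):
    """Map host -> reason, client IPs and users for every flagged line."""
    report = {}
    for line in lines:
        rec = parse_line(line)
        reason = rec and classify(rec["url"])
        if not reason:
            continue
        host = rec["url"] if reason == "ip-literal" else urlsplit(rec["url"]).hostname
        entry = report.setdefault(host, {"reason": reason, "clients": set(), "users": set()})
        entry["clients"].add(rec["client"])
        entry["users"].add(rec["user"])
    return report
```

Hosts reported with several distinct clients are the ones to resolve and consider for `/etc/squid/proxyips.txt`.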
