Tim Bates wrote:
> On 5/10/2010 9:44 PM, John Dakos wrote:
>> Kromonos thank you for your message.
>>
>> But I know this way with dstdom..... but the problem is... on web has a
>> hundreds bypass proxy sites... this is no way for administrators. I
>> spend a
>> lot of time to search on google for bypass domains.
>>
>> Another idea ?
>
> A method I used quite effectively at the school I work for (before the
> education department got their act together) was this:
> * Block HTTPS to IP addresses - very very few legitimate reasons for
> this to be happening.
>
> * Block common path names for CGI proxies - I found blocking URLs with
> "cgi" and "nph" in them to be fairly effective. Only had one case of a
> legitimate site being blocked here.
>
> * Compile a list of free subdomain based dynamic DNS services -
> configure a separate log file for requests that hit these, and monitor
> them. I was randomly checking a few entries when I had a spare few minutes.
>
> * Subscribe to proxy bypass mailing lists such as PeaceFire (subscribe
> to a few). I found it useful to monitor these for a day or 2 after
> getting them so I could find out who was getting the info, and from where.
>
> Tim B
I would add opendns as a suggestion. Their lowest level service is
without cost and seems reasonably comprehensive. Non-free variants are
more flexible and have better reporting. We use them for porn and proxy
and then do our own url filtering in house for everything else. I guess
it gets a 'works here' certificate. YMMV.
-- MikeReceived on Tue Oct 05 2010 - 12:26:35 MDT
This archive was generated by hypermail 2.2.0 : Tue Oct 05 2010 - 12:00:02 MDT