On Tue, Jan 23, 2007 at 09:41:37AM +0100, viuwier wrote:
> Hello,
>
> Is there some kind of rules that can block access to
> anonymous proxies? The problem I often face is that the most advanced
> users always can work around the firewall by using proxies.
>

Umm, it sounds like you have a policy issue and you are trying to solve it with technology. If this is a workplace you are talking about, make it a terminating offence for people to do this. Have a grace period, say one month. During that time, if you detect someone doing it, send them a friendly reminder. After that, start firing people for violating the policy. Of course, you would need support from management to do this.

Also, ask yourself what harm this is causing you, the organization or the user(s). If people are sucking up all the available precious bandwidth, then maybe you should take action. If people are just wasting a little time each day going to "prohibited" sites (lots of places block things like slashdot, news sites, etc. to prevent time wasting), ask yourself if this is something that really "should" be fixed. That is, aren't people going to waste time making personal telephone calls, standing around the water cooler and generally goofing off anyways?

> I know that I could run a proxy myself but this is not exactly what I
> want. The best would be if there could be a filter similar to ipp2p
> which would check for a "proxy signature" and block those
> communications.
>

What if the proxies are themselves transparent? At any rate, you would probably need to block all outbound traffic on every port except for 80 (or chosen proxy port) and set up a non-transparent authenticating proxy to really make this work. However, that is rather draconian if you ask me.

Regards,

-Roberto

--
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
