Thank you all for the suggestions. I will try to read up on iptables and add the necessary rules, as well as try to add norhtghost IPs to the blacklist.
On another note, I noticed Tor Browser bypasses squid completely. The only search results I found on how to block it with squid date back to 2011. (Amos has a script for that?) Any idea how to block Tor? I downloaded it and ran it and none of its traffic is detected by Squid. > On Dec 23, 2016, at 4:31 AM, Eliezer Croitoru <elie...@ngtech.co.il> wrote: > > My suggestion would be to find the holes in the system. > There are couple good networking tools ie: > Iptstate > Iptraf-ng > netstat-nat > conntrackd-tools > > The above tools have the options to see what parts of the IP is not ports > such as: > 53 > 80 > 443 > > Which you can control easily. > You can easily add a DROP or REJECT rule in iptables for all new connections > on other then these ports as a starter. > It's very simple to write and I think you should dig a bit on iptables so you > would be able to understand how it works better to give you a glimpse into > the networking security world. > This amazing site and page: > http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables > > Gives a better understanding to iptables and also on networking. > If you need more guidance let me know. > > Eliezer > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -----Original Message----- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Sameh Onaissi > Sent: Friday, December 23, 2016 2:03 AM > To: Antony Stone <antony.st...@squid.open.source.it> > Cc: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Bypassed Proxy > > I have been trying to replicate what he is doing. > > I have tried 4 or 5 VPN software and none connects, including Hotspot Shield. > My iptables seem to be doing the job in that regard (Eliezer helped me set > them up) > > > >> On Dec 22, 2016, at 5:14 PM, Antony Stone >> <antony.st...@squid.open.source.it> wrote: >> >> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote: >> >>> The user has hotspot shield installed on his PC, which I believe is a >>> similar extension to the one you mentioned. >> >>> He is getting by squid with some sort of VPN, I thought squid can be >>> configured against such things? >> >> It sounds as though you need to review your firewall (routing) policies. >> >> Anyone who is allowed to use a VPN can effectively bypass all security >> policies on your network. >> >> >> Antony. >> >> -- >> Schrödinger's rule of data integrity: the condition of any backup is >> unknown until a restore is attempted. >> >> Please reply to the list; >> please *don't* CC me. >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
