Re: [squid-users] Block all Web Proxies with squid.

[Jason Wallace]

The best way to do this may be by your dns server.  Get a list of the 
proxy domain names and route them to 127.0.0.1 or wherever.  dnsmasq 
does this well and one of the latest versions was streamlined to handle 
HUGE hosts files very quickly via hash tables/buckets.  So script up a 
hosts file that is like:

proxy1.com 127.0.0.1
proxy2.com 127.0.0.1
etc.
This handles all traffic to the bad site, not just http or https  ;-)

Also filter out port 57 to the outside world so that a really clever guy 
can't just change his dns servers.

Alternatively, with OpenDNS.com's dns servers you can opt into a free 
filtering setup that will filter adult content and/or proxies.  Check it 
out.  You just use them as your dns server instead of you isp/upstream.

Or do both of the above.

Let me know if this helped....

Jason


[EMAIL PROTECTED] wrote:
I am doing the same but, there are number of ports these free proxy servers
use: like 3128, 8000, 8080, 7001, 6666 etc
Probably we can redirect nummber of them to our proxy server but this number
is too large. Plus there are chances that you may block real website
services using these ports.



-- Umar

----- Original Message ----- 
From: <[EMAIL PROTECTED]>
To: <squid-users@squid-cache.org>
Sent: Wednesday, September 05, 2007 5:56 AM
Subject: Re: [squid-users] Block all Web Proxies with squid.


  
Quoting Preetish <[EMAIL PROTECTED]>:

    
On 9/5/07, Norman Noah <[EMAIL PROTECTED]> wrote:
      
Well if u want to block proxy you can get the list from

www.proxy.org.
        
But this list is paid.is there any free list or can someone send a an
attached text file of the list.Even i face the same Issue.May be we
can make it work with SquidGaurd.
      
they have the updated list of all running proxies..

y must u allow https not to go through squid ?

in my environment all internet access must go through squid.

        
Im sort of curious how you route your traffic?  Im using iptables and
reroute all port 80 traffic to my proxy on port 8080.  Port 443
traffic goes straight to website, because you cant cache encrypted
traffic.  Or am I totally wrong about this?


--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
    



--- AV & Spam Filtering by M+Guardian - Risk Free Email (TM) ---