I used www.opendns.com On Wed, Aug 12, 2009 at 4:55 PM, Tim Nelson <tnel...@rockbochs.com> wrote:
> ----- "Zhu Sha Zang" <zhushaz...@yahoo.com.br> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hey, i'm using pfsense with transparent proxy (squid + squidGuard) > > working well here. > > > > But some users on my network are using ultrasurf that everything know > > use port 443 to connect on proxyes around internet. > > > > Isn't possible to block 443 port and open it selectively. > > > > Then, how the better way to block ultrasurf in this situation? > > > > thanks. > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v2.0.11 (GNU/Linux) > > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > > > iEYEARECAAYFAkqC+1sACgkQ35zeJy7JhCiZ/ACfbD6efbiLvJnIHOOYcBDF1A5E > > YfkAmwVHMEY75oNGbMC1X7Vj3Mym5Fzj > > =bCg4 > > -----END PGP SIGNATURE----- > > > > You could put a rule on your LAN (or whatever interface your users connect > from) that blocks all outbound HTTPS traffic. Then, keeping rule order in > mind, selectively create allow rules for those IP's you wish to allow > outbound access to HTTPS. Ensuring the legitimate users have the proper IP > address and the malicious users don't change it manually or spoof it is a > whole different story. :-) > > Tim Nelson > Systems/Network Support > Rockbochs Inc. > (218)727-4332 x105 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > >
