Tim Bates wrote:
On 5/10/2010 9:44 PM, John Dakos wrote:
Kromonos thank you for your message.
But I know this way with dstdom..... but the problem is... on web has a
hundreds bypass proxy sites... this is no way for administrators. I
spend a
lot of time to search on google for bypass domains.
Another idea ?
A method I used quite effectively at the school I work for (before the
education department got their act together) was this:
* Block HTTPS to IP addresses - very very few legitimate reasons for
this to be happening.
* Block common path names for CGI proxies - I found blocking URLs with
"cgi" and "nph" in them to be fairly effective. Only had one case of a
legitimate site being blocked here.
* Compile a list of free subdomain based dynamic DNS services -
configure a separate log file for requests that hit these, and monitor
them. I was randomly checking a few entries when I had a spare few minutes.
* Subscribe to proxy bypass mailing lists such as PeaceFire (subscribe
to a few). I found it useful to monitor these for a day or 2 after
getting them so I could find out who was getting the info, and from where.
Tim B
I would add opendns as a suggestion. Their lowest level service is
without cost and seems reasonably comprehensive. Non-free variants are
more flexible and have better reporting. We use them for porn and proxy
and then do our own url filtering in house for everything else. I guess
it gets a 'works here' certificate. YMMV.
--
Mike
