Search squid archive

Re: Block VPN access like hola.org ,ultrasurf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks so much for detailed explanation, will try cisco thing and will check if it gets working

On Sat, Apr 30, 2016 at 3:34 AM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
AFAIK,

every proxy admin faced with excessively smart users who want to bypass a proxy. If you think that this is not true in your case - it means you not know yet. While you suffer prince Hamlet's ethical dilemma - "To bump or not to bump - that is a serious matter", your smart-ass users will shamelessly use every possible tools and methods to step over you and wipe they feet on the your proxy.

I am deeply sorry for you, but to solve this problem by means of a Squid is not possible. It is necessary to take into account the existence of Tor, VPN, URL shorteners, Google Translate (Yea, it also uses for bypassing proxy!), SOCKS, http/https anonymizers etc. This is not easy and not simple. This battle occurs every day.

I deliberately do not mention really advanced techniques of hiding one type of traffic inside the other and another hacker's tools. VPN is a strong, but not the last tool to ignore the proxy server if it does not exist at all. And you can be sure your users will not miss them.

And in the fight against shield and sword sword usually wins.

Only a proxy in this issue is not worth little or nothing. Only trained administrator with experienced network administrator and two pairs bodied brain can more or less hinder the  life of these smart-ass users.

This day-by-day battle is significant part of IT security, which is not product, but process.

Hard luck,
                 Yuri

29.04.16 22:07, Yuri Voinov пишет:
>
> The another option is using advanced DPI with database. Like China government uses.
>
> Squid itself can't.
>
> 29.04.16 16:33, Reet Vyas пишет:
> > Hi,
>
>
>
>       > I have working trasparent squid , Some users are using proxy
>       vpn in moziilla as addon and bypassing my squid, Please tell me
>       how to block all hola.org <http://hola.org> vpn and ulrta
>       surf, I have already blocked websites,but seems not working.
>
>
>
>       > Please let me know how to block these vpn access.
>
>
>
>
>
>
>
>       > _______________________________________________
>
>       > squid-users mailing list
>
>       > squid-users@xxxxxxxxxxxxxxxxxxxxx
>
>       > http://lists.squid-cache.org/listinfo/squid-users
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXI9qIAAoJENNXIZxhPexGISAH/ivV0JV6zUhN5C85GubgI3or
EZJgL706JL+Q6CasmYF/88gau/j7EwYW+mtJ9EzdMGVo5lGkQW3Y/y6SjAmCdtI3
J4eJMGIqi8mQRzfx55HGEv2cXHsYh3hxcBcBay4YHM9NFcXW/xMqsnwrkICULI6b
mu91LERDiH5iBn9cT1qquKoTV8rg5E1eb6ZATA8r6VYRoZutzHN5/v4eww1ogxmc
cE+DVzEcK5VJYFtfUHEyOCO785Xu1TSCctmmvzjrv2SpBQcgxJJ6pSrDrk+Qw614
g50IJz26t0zqlrC/Z+LU0SeAgW7iboPID5yA/3bxWLSnupex3W93lwlPSJu48Pg=
=V6pf
-----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux