The best way to do this may be by your dns server. Get a list of the
proxy domain names and route them to 127.0.0.1 or wherever. dnsmasq
does this well and one of the latest versions was streamlined to handle
HUGE hosts files very quickly via hash tables/buckets. So script up a
hosts file that is like:
proxy1.com 127.0.0.1
proxy2.com 127.0.0.1
etc.
This handles all traffic to the bad site, not just http or https ;-)
Also filter out port 57 to the outside world so that a really clever guy
can't just change his dns servers.
Alternatively, with OpenDNS.com's dns servers you can opt into a free
filtering setup that will filter adult content and/or proxies. Check it
out. You just use them as your dns server instead of you isp/upstream.
Or do both of the above.
Let me know if this helped....
Jason
sa@streaming-networks.com wrote:
> I am doing the same but, there are number of ports these free proxy servers
> use: like 3128, 8000, 8080, 7001, 6666 etc
> Probably we can redirect nummber of them to our proxy server but this number
> is too large. Plus there are chances that you may block real website
> services using these ports.
>
>
>
> -- Umar
>
> ----- Original Message -----
> From: <dhottinger@harrisonburg.k12.va.us>
> To: <squid-users@squid-cache.org>
> Sent: Wednesday, September 05, 2007 5:56 AM
> Subject: Re: [squid-users] Block all Web Proxies with squid.
>
>
>
>> Quoting Preetish <preetish.tripathi@gmail.com>:
>>
>>
>>> On 9/5/07, Norman Noah <norman.noah@gmail.com> wrote:
>>>
>>>> Well if u want to block proxy you can get the list from
>>>>
>>>> www.proxy.org.
>>>>
>>> But this list is paid.is there any free list or can someone send a an
>>> attached text file of the list.Even i face the same Issue.May be we
>>> can make it work with SquidGaurd.
>>>
>>>> they have the updated list of all running proxies..
>>>>
>>>> y must u allow https not to go through squid ?
>>>>
>>>> in my environment all internet access must go through squid.
>>>>
>>>>
>> Im sort of curious how you route your traffic? Im using iptables and
>> reroute all port 80 traffic to my proxy on port 8080. Port 443
>> traffic goes straight to website, because you cant cache encrypted
>> traffic. Or am I totally wrong about this?
>>
>>
>> --
>> Dwayne Hottinger
>> Network Administrator
>> Harrisonburg City Public Schools
>>
>
>
>
> --- AV & Spam Filtering by M+Guardian - Risk Free Email (TM) ---
>
>
>
>
Received on Tue Sep 04 2007 - 22:53:47 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT