Just configuring Squid as a proxy and blocking a few well-known sites on your network is not enough, because there are thousands of active anonymous proxy sites on the net that your users can use to bypass your proxy rules.
I faced this problem too when I configured a proxy in my network using Squid. I thought that was it, but to my surprise it was not, as users were fooling my proxy by using these sites.
I started by adding them to a block list, but when the number reached the hundreds, the long lists started to take a toll on my system’s performance. So I had to find a solution to this.
NOTE: Configuring squid is out-of-scope of this article.
Problems I encountered:
1. Anonymous proxy sites use encoded URLs to fool/bypass proxy servers, but they use specific words in their URLs.
2. Squid doesn’t show encoded part of the URL.
Solution:
Step 1: Use your favorite editor and open squid.conf
Step 2: Make a new ACL, for keywords if you don’t have yet.
Step 3: Deny access to this newly created acl.
Step 4: Save and Close squid.conf file.
Step 5: Create “keywords” file.
# touch keywords
Step 6: Add “browse.php?u=” to keywords file.
Step 7: Signal squid to reload its conf file.
If you have done all the above-mentioned steps correctly, you have blocked thousands of anonymous proxy sites. I have implemented this solution myself, and so far I am a winner.
But do remember, this is just a “cat and mouse” game.
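A way to test the keywords file before reloading Squid, added here as an example and not part of the original post. It assumes url_regex entries are compiled as POSIX extended regular expressions and uses grep -E -i as a stand-in; the file names, the escaped patterns and the sample URLs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). grep -E -i stands in for
# Squid's "url_regex -i" on the assumption that both use POSIX extended regex.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Keyword typed exactly as in Step 6. As a regex, "?" makes the preceding "p"
# optional and "." matches any character, so the literal "?" is never consumed.
printf '%s\n' 'browse.php?u=' > "$workdir/keywords.raw"

# Escaped so "." and "?" are literal; the second pattern covers the
# index.php?u= / index.php?q= variants mentioned in the comments.
printf '%s\n' 'browse\.php\?u=' 'index\.php\?[uq]=' > "$workdir/keywords.escaped"

# url_blocked FILE URL: exit status 0 when any pattern in FILE matches URL.
# Note: a blank line in FILE would match every URL, so keep the file free of them.
url_blocked() {
    printf '%s\n' "$2" | grep -E -i -q -f "$1"
}

# Constructed sample URLs (example.* hosts are placeholders).
proxy_url='http://proxy.example.net/browse.php?u=ENCODED_TARGET&b=4'
index_proxy_url='http://proxy.example.net/index.php?q=ENCODED_TARGET'
wiki_url='http://wiki.example.org/index.php?title=Main_Page'

# report FILE: print the verdict each sample URL would get from FILE.
report() {
    for url in "$proxy_url" "$index_proxy_url" "$wiki_url"; do
        if url_blocked "$1" "$url"; then verdict=DENY; else verdict=ALLOW; fi
        printf '%-6s %s\n' "$verdict" "$url"
    done
}

echo "== keywords.raw ==";     report "$workdir/keywords.raw"
echo "== keywords.escaped =="; report "$workdir/keywords.escaped"
```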
Things you must be doing after this:
That means I have to set up squid in my network.
What if I don’t want to, and I have Bluecoat and ASA devices? How can I do the same? Any idea?
Thanks
Yes, you do have to set up squid in your network, at least for these steps, but if you don’t want to, it’s your choice.
Sorry, I have never worked on these proprietary proxy s/w, but I think they (your s/w) may support blocking of URLs based on specific keywords. If yes… then just use the keyword (browse.php?u=) mentioned in step 6.
I hope this helps.
I followed your steps carefully. BTW I am using squid n on dhcp, but I cannot make it run; I get the following output when I restart my squid.
[root@ns1 squid]# service squid restart
Stopping squid: 2011/04/19 12:48:50| strtokFile: /squid/keywords not found
2011/04/19 12:48:50| aclParseAclLine: WARNING: empty ACL: acl anon-prox-sites url_regex -i “/squid/keywords”
2011/04/19 12:48:50| parseConfigFile: line 642 unrecognized: ‘http_acess deny anon-prox-sites’
…………….
Thanks, it works for me 100%. Thanks again.
Thanks a lot, it works well, but the mice try to win the war using “index.php?” instead of “browse.php?”
Unfortunately, this keyword is used by a lot of websites like wikis :-(
Eric
Yes Eric, you can create an acl rule above your blocked acl rule, and then it will allow index.php? pages…
Thanks kashif,
I’ve found a solution.
URLs used by proxies often use index.php?u= and most other websites use index.php?
I’ve just had index.php?u= or index.php?q= in my blocked-file list.
It works (in fact, my users don’t complain! :-)
eric
About the source… well, I tried a lot of proxy sites and most of them use some common pattern in their URLs… this particular keyword “browse.php?u=” was in most URLs. Thanks for the other comments.
Hi dusvidania,
I used the above mentioned same method of yours to block anonymous proxy websites but it didn’t work for me.
Here below mentioned are my entries and rules in squid server.
In squid.conf file I used this rule:
acl anon-prox-sites url_regex -i “/etc/squid/blocked/keywords”
http_access deny anon-prox-sites
And in /etc/squid/blocked/keywords file I made these entries:
“browse.php?u=”
“index.php?u=”
“index.php?q=”
and service has been restarted.
Still when I test it, I’m able to open anonymous proxy websites.
Can you please help me in this? What I’m doing wrong?
Is there any mistake in rules?
I would be very thankful to you.
Best Regards,
Satyaveer Arya
Please share the name of the proxy site(s) you are trying against… my mail id: dusvidania @ gmail.com
Hi dusvidania,
Till now I was blocking the access of anonymous proxy sites with the help of list of anonymous proxy websites in a file and blocking that file in squid using acl.
I’m sending you the list of those websites on your mail id. You can check.
Is the rule I was using, which is your rule that you mentioned here, correct?
Best Regards,
Satyaveer Arya