Just configuring a Squid proxy and blocking a few well-known sites on your network is not enough, because there are thousands of active anonymous proxy sites on the net that your users can use to bypass your proxy rules.

I too faced this problem when I configured a proxy in my network using Squid. I thought this was it, but to my surprise it was not, as users were fooling my proxy by using these sites.

I started by adding them to a block list, but when the number reached the hundreds, the long lists started to take a toll on my system’s performance. So I had to find a solution to this.

NOTE: Configuring Squid is out of scope for this article.

Problems I encountered:
1. Anonymous proxy sites use encoded URLs to fool/bypass proxy servers, but they use specific words in their URLs.
2. Squid doesn’t show the encoded part of the URL.

Solution:
Step 1: Use your favorite editor and open squid.conf

# vi /etc/squid/squid.conf

Step 2: Create a new ACL for keywords, if you don’t have one yet.

acl anon-prox-sites url_regex -i "/squid/blocked/keywords"

Step 3: Deny access to this newly created ACL.

http_access deny anon-prox-sites

Step 4: Save and Close squid.conf file.

:wq! [Enter]

Step 5: Create the “keywords” file.

# cd /squid/blocked/
# touch keywords

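Step 6: Add “browse.php?u=” to keywords file. Squid reads each line of this file as a regular expression, so the “.” and “?” are escaped with a backslash to match those characters literally.

# echo 'browse\.php\?u=' >> keywords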

Step 7: Signal squid to reload its conf file.

# /etc/init.d/squid reload

If you have done all the above-mentioned steps correctly, you have blocked thousands of anonymous proxy sites. I have implemented this solution myself; so far I am a winner.

But do remember, this is just a “cat and mouse” game.
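
To check a keywords file before relying on it, the following added example (not part of the original post) approximates url_regex -i with grep -E -i -f, assuming Squid treats each line as a case-insensitive POSIX extended regular expression matched anywhere in the URL. The function names, temporary files and example.* URLs are constructed for illustration; the run shows that the keyword written without escapes misses the real proxy URLs while the escaped form catches them.

```shell
#!/bin/sh
# Added example: approximate Squid's "url_regex -i" handling of a keywords file.
# Assumption: each line is a case-insensitive POSIX extended regex that may
# match anywhere in the URL, which is what grep -E -i -f does.

# url_blocked KEYWORDS_FILE URL -> exit status 0 if any pattern matches the URL
url_blocked() {
    printf '%s\n' "$2" | grep -E -i -q -f "$1"
}

# count_blocked KEYWORDS_FILE URL_LIST_FILE -> prints how many URLs would match
count_blocked() {
    grep -E -i -c -f "$1" "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Unescaped: "." matches any character and "p?" means an optional "p".
    printf '%s\n' 'browse.php?u=' > "$tmp/unescaped"
    # Escaped: matches the literal text browse.php?u=
    printf '%s\n' 'browse\.php\?u=' > "$tmp/escaped"
    # Constructed sample URLs; the example.* hosts are placeholders.
    cat > "$tmp/urls" <<'EOF'
http://proxy.example.net/browse.php?u=aHR0cDovL2V4YW1wbGUub3Jn&b=4
http://proxy.example.net/BROWSE.PHP?U=Oi8vZXhhbXBsZS5vcmc%3D
http://www.example.com/index.html
http://shop.example.org/browse-phpu=1
EOF
    echo "unescaped pattern blocks: $(count_blocked "$tmp/unescaped" "$tmp/urls")"
    echo "escaped pattern blocks:   $(count_blocked "$tmp/escaped" "$tmp/urls")"
    rm -rf "$tmp"
}

demo
```

The unescaped pattern matches only the unrelated fourth URL, so it both misses the proxy requests and blocks a legitimate one.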

Things you must do after this:

1.  Keep a regular watch on your Squid logs.