How do you ban proxy servers in WinGate?
May 12 07 2:09 pm
I work for a school district and I ban words in URLs like sex, porn, game, etc. and sites like playboy.com, sex.com, whitehouse.com, etc. This works very well for banning, but the new game in town is the anonymous proxy which allow students to go to any site they wish. I am continuously banning more and more proxy servers, like unblock.cc, hideadmin.com, etc. There seems to be no end to them.
Is there a way to block all of these anonymous proxies at one time?
Thanks for any help,
Ken
Is there a way to block all of these anonymous proxies at one time?
Thanks for any help,
Ken
Re: How do you ban proxy servers in WinGate?
May 14 07 9:42 pm
Hi Ken,
Not my area but it's probable you will be endlessly chasing this one.
Could the idea of using only 'allowed sites' for the users' be possible, say allow all containing .gov, .edu etc.
Just a thought.
Not my area but it's probable you will be endlessly chasing this one.
Could the idea of using only 'allowed sites' for the users' be possible, say allow all containing .gov, .edu etc.
Just a thought.
May 15 07 7:07 am
As Nev says this is probably never ending. Some of these anonymous proxy sites use a secure server (Proxify is one) so it's next to impossible, other than ban those sites directly, to limit their use. A lot of these proxies are unsecured though and most use some type of simple form submission to take the user to the desired page. You could use WG's WWW service Advanced settings to set up a filter that limits the submission of forms based on URL criteria. I would suggest something like;
Filter 1
NOT HTTP POST data contains www. -note: not underlined in actual use
NOT HTTP POST data contains .com
NOT HTTP Query string contains www. -note: not underlined in actual use
NOT HTTP Query string contains .com
This would cover both POST and GET type of forms. Now this won't be perfect because I wouldn't be able to submit this post on this forum(as it contains those criteria) but it will stop most unsecured anonymous proxy attempts and still allow the majority of legitimate form submissions. This hopefully may be of some use to you.
Filter 1
NOT HTTP POST data contains www. -note: not underlined in actual use
NOT HTTP POST data contains .com
NOT HTTP Query string contains www. -note: not underlined in actual use
NOT HTTP Query string contains .com
This would cover both POST and GET type of forms. Now this won't be perfect because I wouldn't be able to submit this post on this forum(as it contains those criteria) but it will stop most unsecured anonymous proxy attempts and still allow the majority of legitimate form submissions. This hopefully may be of some use to you.
May 16 07 8:51 pm
Just thought I would also add:
If the LAN Clients have NAT (default gateway pointing to the Internal network card of WinGate server), or the WinGate Internet Client (WGIC) then you can restrict usage via the policy area of the Extended Networking Service (ENS) and Winsock Redirector Service (WRS).
You also have some default actions for different connections in the Port Security area; they would take precedence over the ENS Policy. Locking down LAN connections to the internet could be an option, and then open what is necessary - you could still put an intercept on in WWW Proxy --> Sessions in this scenario; that intercept will also catch people using SOCKS for webpage access.
*Please note, the "Connections from the internet" option could be interpreted as "Connections to an EXTERNAL adapter".
If the LAN Clients have NAT (default gateway pointing to the Internal network card of WinGate server), or the WinGate Internet Client (WGIC) then you can restrict usage via the policy area of the Extended Networking Service (ENS) and Winsock Redirector Service (WRS).
You also have some default actions for different connections in the Port Security area; they would take precedence over the ENS Policy. Locking down LAN connections to the internet could be an option, and then open what is necessary - you could still put an intercept on in WWW Proxy --> Sessions in this scenario; that intercept will also catch people using SOCKS for webpage access.
*Please note, the "Connections from the internet" option could be interpreted as "Connections to an EXTERNAL adapter".
Jun 28 07 5:06 pm
FYI: Just did a policy for someone having a similar problem - i.e. web pages that have web browser type forms that can bypass the proxy filters. The following managed to stop the ones we tested against:
WWW Proxy --> Policies --> Everyone --> Advanced tab:
Filter 1
This criterion is *NOT* met if HTTP Header Field Contains application/x-www-form-urlencoded
Header Field = Content-Type
Let the forum know of any feedback on that policy
WWW Proxy --> Policies --> Everyone --> Advanced tab:
Filter 1
This criterion is *NOT* met if HTTP Header Field Contains application/x-www-form-urlencoded
Header Field = Content-Type
Let the forum know of any feedback on that policy
Jun 28 07 7:07 pm
Actually, I retract that statement - it caused problem on Hotmail's calendar and on futher research a lot of forms use that Content Type by default. One of the developers just mentioned to me that the next verison will be able to detect these kind of website better.