[squid-users] Block VPN access like hola.org ,ultrasurf

Yuri Voinov yvoinov at gmail.com
Fri Apr 29 22:04:57 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
AFAIK,

every proxy admin faced with excessively smart users who want to bypass
a proxy. If you think that this is not true in your case - it means you
not know yet. While you suffer prince Hamlet's ethical dilemma - "To
bump or not to bump - that is a serious matter", your smart-ass users
will shamelessly use every possible tools and methods to step over you
and wipe they feet on the your proxy.

I am deeply sorry for you, but to solve this problem by means of a Squid
is not possible. It is necessary to take into account the existence of
Tor, VPN, URL shorteners, Google Translate (Yea, it also uses for
bypassing proxy!), SOCKS, http/https anonymizers etc. This is not easy
and not simple. This battle occurs every day.

I deliberately do not mention really advanced techniques of hiding one
type of traffic inside the other and another hacker's tools. VPN is a
strong, but not the last tool to ignore the proxy server if it does not
exist at all. And you can be sure your users will not miss them.

And in the fight against shield and sword sword usually wins.

Only a proxy in this issue is not worth little or nothing. Only trained
administrator with experienced network administrator and two pairs
bodied brain can more or less hinder the  life of these smart-ass users.

This day-by-day battle is significant part of IT security, which is not
product, but process.

Hard luck,
                 Yuri

29.04.16 22:07, Yuri Voinov пишет:
>
> The another option is using advanced DPI with database. Like China
government uses.
>
> Squid itself can't.
>
> 29.04.16 16:33, Reet Vyas пишет:
> > Hi,
>
>
>
>       > I have working trasparent squid , Some users are using proxy
>       vpn in moziilla as addon and bypassing my squid, Please tell me
>       how to block all hola.org <http://hola.org> vpn and ulrta
>       surf, I have already blocked websites,but seems not working.
>
>
>
>       > Please let me know how to block these vpn access.
>
>
>
>
>
>
>
>       > _______________________________________________
>
>       > squid-users mailing list
>
>       > squid-users at lists.squid-cache.org
>
>       > http://lists.squid-cache.org/listinfo/squid-users
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXI9qIAAoJENNXIZxhPexGISAH/ivV0JV6zUhN5C85GubgI3or
EZJgL706JL+Q6CasmYF/88gau/j7EwYW+mtJ9EzdMGVo5lGkQW3Y/y6SjAmCdtI3
J4eJMGIqi8mQRzfx55HGEv2cXHsYh3hxcBcBay4YHM9NFcXW/xMqsnwrkICULI6b
mu91LERDiH5iBn9cT1qquKoTV8rg5E1eb6ZATA8r6VYRoZutzHN5/v4eww1ogxmc
cE+DVzEcK5VJYFtfUHEyOCO785Xu1TSCctmmvzjrv2SpBQcgxJJ6pSrDrk+Qw614
g50IJz26t0zqlrC/Z+LU0SeAgW7iboPID5yA/3bxWLSnupex3W93lwlPSJu48Pg=
=V6pf
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160430/3ad2362e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160430/3ad2362e/attachment-0001.key>

More information about the squid-users mailing list