[squid-users] Block VPN access like hola.org ,ultrasurf

Yuri Voinov yvoinov at gmail.com
Fri Apr 29 22:04:57 UTC 2016

Hash: SHA256

every proxy admin faced with excessively smart users who want to bypass
a proxy. If you think that this is not true in your case - it means you
not know yet. While you suffer prince Hamlet's ethical dilemma - "To
bump or not to bump - that is a serious matter", your smart-ass users
will shamelessly use every possible tools and methods to step over you
and wipe they feet on the your proxy.

I am deeply sorry for you, but to solve this problem by means of a Squid
is not possible. It is necessary to take into account the existence of
Tor, VPN, URL shorteners, Google Translate (Yea, it also uses for
bypassing proxy!), SOCKS, http/https anonymizers etc. This is not easy
and not simple. This battle occurs every day.

I deliberately do not mention really advanced techniques of hiding one
type of traffic inside the other and another hacker's tools. VPN is a
strong, but not the last tool to ignore the proxy server if it does not
exist at all. And you can be sure your users will not miss them.

And in the fight against shield and sword sword usually wins.

Only a proxy in this issue is not worth little or nothing. Only trained
administrator with experienced network administrator and two pairs
bodied brain can more or less hinder the  life of these smart-ass users.

This day-by-day battle is significant part of IT security, which is not
product, but process.

Hard luck,

29.04.16 22:07, Yuri Voinov пишет:
> The another option is using advanced DPI with database. Like China
government uses.
> Squid itself can't.
> 29.04.16 16:33, Reet Vyas пишет:
> > Hi,
>       > I have working trasparent squid , Some users are using proxy
>       vpn in moziilla as addon and bypassing my squid, Please tell me
>       how to block all hola.org <http://hola.org> vpn and ulrta
>       surf, I have already blocked websites,but seems not working.
>       > Please let me know how to block these vpn access.
>       > _______________________________________________
>       > squid-users mailing list
>       > squid-users at lists.squid-cache.org
>       > http://lists.squid-cache.org/listinfo/squid-users

Version: GnuPG v2

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160430/3ad2362e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160430/3ad2362e/attachment-0001.key>

More information about the squid-users mailing list