[squid-users] Block VPN access like hola.org ,ultrasurf

Reet Vyas reet.vyas28 at gmail.com
Mon May 2 05:24:46 UTC 2016


Thanks so much for detailed explanation, will try cisco thing and will
check if it gets working

On Sat, Apr 30, 2016 at 3:34 AM, Yuri Voinov <yvoinov at gmail.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> AFAIK,
>
> every proxy admin faced with excessively smart users who want to bypass a
> proxy. If you think that this is not true in your case - it means you not
> know yet. While you suffer prince Hamlet's ethical dilemma - "To bump or
> not to bump - that is a serious matter", your smart-ass users will
> shamelessly use every possible tools and methods to step over you and wipe
> they feet on the your proxy.
>
> I am deeply sorry for you, but to solve this problem by means of a Squid
> is not possible. It is necessary to take into account the existence of Tor,
> VPN, URL shorteners, Google Translate (Yea, it also uses for bypassing
> proxy!), SOCKS, http/https anonymizers etc. This is not easy and not
> simple. This battle occurs every day.
>
> I deliberately do not mention really advanced techniques of hiding one
> type of traffic inside the other and another hacker's tools. VPN is a
> strong, but not the last tool to ignore the proxy server if it does not
> exist at all. And you can be sure your users will not miss them.
>
> And in the fight against shield and sword sword usually wins.
>
> Only a proxy in this issue is not worth little or nothing. Only trained
> administrator with experienced network administrator and two pairs bodied
> brain can more or less hinder the  life of these smart-ass users.
>
> This day-by-day battle is significant part of IT security, which is not
> product, but process.
>
> Hard luck,
>                  Yuri
>
> 29.04.16 22:07, Yuri Voinov пишет:
> >
> > The another option is using advanced DPI with database. Like China
> government uses.
> >
> > Squid itself can't.
> >
> > 29.04.16 16:33, Reet Vyas пишет:
> > > Hi,
> >
> >
> >
> >       > I have working trasparent squid , Some users are using proxy
> >       vpn in moziilla as addon and bypassing my squid, Please tell me
> >       how to block all hola.org <http://hola.org> <http://hola.org> vpn
> and ulrta
> >       surf, I have already blocked websites,but seems not working.
> >
> >
> >
> >       > Please let me know how to block these vpn access.
> >
> >
> >
> >
> >
> >
> >
> >       > _______________________________________________
> >
> >       > squid-users mailing list
> >
> >       > squid-users at lists.squid-cache.org
> >
> >       > http://lists.squid-cache.org/listinfo/squid-users
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXI9qIAAoJENNXIZxhPexGISAH/ivV0JV6zUhN5C85GubgI3or
> EZJgL706JL+Q6CasmYF/88gau/j7EwYW+mtJ9EzdMGVo5lGkQW3Y/y6SjAmCdtI3
> J4eJMGIqi8mQRzfx55HGEv2cXHsYh3hxcBcBay4YHM9NFcXW/xMqsnwrkICULI6b
> mu91LERDiH5iBn9cT1qquKoTV8rg5E1eb6ZATA8r6VYRoZutzHN5/v4eww1ogxmc
> cE+DVzEcK5VJYFtfUHEyOCO785Xu1TSCctmmvzjrv2SpBQcgxJJ6pSrDrk+Qw614
> g50IJz26t0zqlrC/Z+LU0SeAgW7iboPID5yA/3bxWLSnupex3W93lwlPSJu48Pg=
> =V6pf
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160502/da5ceadb/attachment.html>


More information about the squid-users mailing list