Hi All,

I'm wondering if anyone has had any experience with filtering out web based proxy servers, commonly used to get around URL filtering.

Does MT have any function to work with this?

Cheers!

Try to drop dst-port=3128,8080

This will work only in the case, when open proxy are used on these ports.

Not quite what i was looking for

Hi All,

I'm wondering if anyone has had any experience with filtering out web based proxy servers, commonly used to get around URL filtering.

Does MT have any function to work with this?

Cheers!

I think there is no easy way how to do it.
The only way is to analyze the data sent to the remote server. It means recognizing HTTP connections from other ones. The HTTP header sent from client to proxy differs from the one sent to server by the first line. Proxy server has to know what server you want to access so the browser must include full path to the document (GET http://www.server.com/document.htm HTTP/1.1). If browser connects directly to the WWW server the first header line contains only relative path to the document (GET /document.htm HTTP/1.1)....
HTTPS sites has to be treated differently (CONNECT method used through proxies)

I have no idea if you can do such content filtering in MT...

Regards
Dalibor Toman

you can filter by packet content - but that uses a lot of resources

look up filter in manual

Thanks guys. So if i understand correctly, i would want to try to filter traffic based on content, in particular looking for the GET method used by proxy's? Proxys are totally new to me.

Thanks guys. So if i understand correctly, i would want to try to filter traffic based on content, in particular looking for the GET method used by proxy's? Proxys are totally new to me.

as I wrote - the only differentce is that the 'http://hostname' part is missinf from the request if the browser access the WWW server directly. So you have to be able to recognize GET requests with protocol://hostname part from other ones which has no protocol://hostname definition. Maybe it ould be enough to check for http:// on beginning of the URL definition.

NOTE: the HTTP protocol defines other methods then GET too (POST,HEAD, TRACE,...). But I think you can forget about them in the filtering rules. If GET is blocked it is enough to prevent users to use not allowed proxies.

NOTE2: What if a customer will use SOCKS based proxy to go through your restriction rules ?

define socks based?

A bit of background. This is for a school, with a Windows based domain, so the computers are locked down quite tight, however the users are getting to 'blocked' sites such as bebo by using web based proxys, hence the questions

However, i think there are no other options available to them in this scenario, or are there?

Do you have any examples of the type of rules, or what the syntax may look like to acheive what youve mentioned above?

Cheers
Hayden