Block Proxy Avoidance Sites

Unanswered Question
Farrukh Haroon Thu, 05/28/2009 - 00:04
User Badges:
  • Red, 2250 points or more

For tunnelling applications or web traffic? If applications, then they are most probably using the HTTP CONNECT Method, there is a signature built into the Cisco IPS for that. You can set the action to Deny for that signature. But test it out before :). Also exclude your genuine proxy servers from this signature using Event Action Filters.


Regards


Farrukh

Christopher Bell Thu, 05/28/2009 - 02:57
User Badges:
  • Bronze, 100 points or more

Is there a legitimate way of doing this for those who are tunneling HTTP traffic to avoid Websense? Obviously you can block the proxy sites in Websense, but there are so many new ones every day...

Farrukh Haroon Thu, 05/28/2009 - 06:10
User Badges:
  • Red, 2250 points or more

Well you can use an ACL to block all outgoing traffic on port 80/443 EXCEPT when its sourced from your proxy servers?


Regards


Farrukh

Christopher Bell Thu, 05/28/2009 - 09:41
User Badges:
  • Bronze, 100 points or more

We arn't using proxy servers. We need a way for the IPS sensor to report that someone is using an outside proxy... maybe some sort of long URL warning?

Farrukh Haroon Fri, 05/29/2009 - 06:17
User Badges:
  • Red, 2250 points or more

Do you really think this will block 'proxy avoidance sites'? Or just the proxies users put in their browser's?


Regards


Farrukh

Actions

This Discussion