Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Block Proxy Avoidance Sites

ASA5520 with ASA-SSM-20. Currently using Websense product for Web filtering. Need to find a way for Firewall/SSM to track/block users using from using outside proxy servers using public IP address on port 80.

7 REPLIES

Re: Block Proxy Avoidance Sites

For tunnelling applications or web traffic? If applications, then they are most probably using the HTTP CONNECT Method, there is a signature built into the Cisco IPS for that. You can set the action to Deny for that signature. But test it out before :). Also exclude your genuine proxy servers from this signature using Event Action Filters.

Regards

Farrukh

Re: Block Proxy Avoidance Sites

Is there a legitimate way of doing this for those who are tunneling HTTP traffic to avoid Websense? Obviously you can block the proxy sites in Websense, but there are so many new ones every day...

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Re: Block Proxy Avoidance Sites

Well you can use an ACL to block all outgoing traffic on port 80/443 EXCEPT when its sourced from your proxy servers?

Regards

Farrukh

Re: Block Proxy Avoidance Sites

We arn't using proxy servers. We need a way for the IPS sensor to report that someone is using an outside proxy... maybe some sort of long URL warning?

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.
New Member

Re: Block Proxy Avoidance Sites

Add this statement to your ASA.

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block

Re: Block Proxy Avoidance Sites

Do you really think this will block 'proxy avoidance sites'? Or just the proxies users put in their browser's?

Regards

Farrukh

New Member

Re: Block Proxy Avoidance Sites

In my case Websense was able to block these sites & the ASA command seems to be blocking IP address's when a user tries to bypass Websense when adding the IP address in IE.

1742
Views
0
Helpful
7
Replies