Cisco Support Community
New Member

Minimizing/Stopping http-tunneling

Hi everyone,

Would anyone have suggestions on how I might minimize/stop users from performing http-tunneling to bypass our content filtering, using instant messenger, etc.?

I currently have all outgoing ports blocked except for 80, 443 from those networks.

What I have noticed is that the users are setting up proxy servers at their homes, then building SSH tunnels over port to their servers.

One of the ideas I was thinking of trying was setting up a proxy server (squid, ISA, whatever) with WCCP. Once this was set up, I was only going to allow internet access from the proxy server on ports 80, 443 and close everything else.

I know that this is a shot in the dark.

Thanks for the advice.

-- Dominique

Cisco Employee

Re: Minimizing/Stopping http-tunneling

V7.0 of PIX code (I presume you have a PIX since you've asked this on the firewalling group) has some good stuff for stopping IM's, etc.

You can read about how to configure it here:

Specifically look at the "port-misuse" parameter under the http-map.

You can get v7.0 code from here:

And the rest of the v7 documentation, for your perusal, is here:
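
The mismatch discussed in this thread (SSH running over ports that the firewall allows for web traffic) is visible in the first bytes a client sends, which is what protocol-aware inspection keys on. The Python below is an added example, not code from the original posts or from Cisco; the function names, flow tuples and addresses are constructed for illustration.

```python
import re

# First-payload signatures for the protocols of interest.
# SSH: identification string "SSH-protoversion-softwareversion" (RFC 4253, section 4.2).
SSH_IDENT = re.compile(rb"^SSH-\d+\.\d+-[\x21-\x7e]+")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"TRACE ", b"PATCH ")

# Which protocol each permitted outbound port is expected to carry.
EXPECTED = {80: {"http"}, 443: {"tls"}}


def classify_first_bytes(data: bytes) -> str:
    """Guess the application protocol from the first client payload."""
    if SSH_IDENT.match(data):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 3,
    # and the handshake message type at offset 5 is 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def flag_port_misuse(flows):
    """Return (src, dst, dport, proto) for flows whose payload does not match the port."""
    findings = []
    for src, dst, dport, first in flows:
        proto = classify_first_bytes(first)
        if dport in EXPECTED and proto not in EXPECTED[dport]:
            findings.append((src, dst, dport, proto))
    return findings


# Constructed sample flows (documentation address ranges, not real hosts).
SAMPLE_FLOWS = [
    ("10.1.1.20", "198.51.100.7", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("10.1.1.21", "198.51.100.9", 443, bytes.fromhex("16030100c8010000c40303")),
    ("10.1.1.22", "203.0.113.5", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.1.1.23", "203.0.113.5", 80, b"\x00\x01\x02binary-stream"),
]

if __name__ == "__main__":
    for finding in flag_port_misuse(SAMPLE_FLOWS):
        print("port/protocol mismatch:", finding)
```

This check only sees cleartext protocol mismatches; anything carried inside an established TLS session is outside its view, which is where the proxy approach from the original question comes in.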
