04-08-2014 11:28 PM
hi all,
We have a WSA in the network as a transparent proxy.
Is there a way for WSA to block the use of TOR Browser?
Also is it possible to limit torrent bandwidth too
04-14-2014 06:39 AM
I am also interested in this information. Tor Browser seems to cut right through WSA with ease...
10-21-2014 06:55 AM
Any info on blocking TOR.
As for bit torrent you can do that on the AVC section but that will only work if users are using port 80 or 443 since bit torrent uses dynamic ports you may need to use nbar or another packet inspection tool.
10-22-2014 10:39 PM
* Requiring NTLM auth in explicit proxy mode stops it cold - this is
just a missing feature in TOR.
* If you disable auth, or use Basic auth, then requiring that SSL
destinations have server certs signed by known CA's will stop it. (This
works regardless of the decryption reputation, as the WSA always appears
to check this in explicit mode when configured.)
* If you disable the above two methods, the "filter avoidance" URL
category is only effective against the initial "find directory servers"
boot-up. If we miss one, or the client has this info cached from
before, the URL category is not effective.
* Another method that would be effective would be to block all browsing
by IP address; however, this has a pretty good chance of false
positives.
Notice that the above will only work if all egress ports which are not proxied are blocked. TOR will attempt to go outbound on higher ports; if you are not blocking these (eg on the Firewall), it becomes nearly impossible to effectively block TOR.
10-21-2014 05:29 PM
Hi Guys,
* Requiring NTLM auth in explicit proxy mode stops it cold - this is
just a missing feature in TOR.
* If you disable auth, or use Basic auth, then requiring that SSL
destinations have server certs signed by known CA's will stop it. (This
works regardless of the decryption reputation, as the WSA always appears
to check this in explicit mode when configured.)
* If you disable the above two methods, the "filter avoidance" URL
category is only effective against the initial "find directory servers"
boot-up. If we miss one, or the client has this info cached from
before, the URL category is not effective.
* Another method that would be effective would be to block all browsing
by IP address; however, this has a pretty good chance of false
positives.
Notice that the above will only work if all egress ports which are not proxied are blocked. TOR will attempt to go outbound on higher ports; if you are not blocking these (eg on the Firewall), it becomes nearly impossible to effectively block TOR.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide