[fw-wiz] Proxy - content filter related

From: noc ops (aptgetd_at_gmail.com)
Date: 06/30/05

  • Next message: Mark Tinberg: "Re: [fw-wiz] SSH brute force attack" 
    To: firewall-wizards@honor.icsalabs.com
Date: Thu, 30 Jun 2005 10:20:44 -0700

    Hi,

    I'm not sure if my previous e-mail made it the list as I didn't see it.
    Anyway, here it is again and my apologies for any duplication.

    Is it possible to look at the *outgoing* client-proxy request headers
    (w/o going through a local proxy server) in order to identify/block
    proxy related traffic?

    a. users (user-agent) to non-SSL HTTP proxies
    b. users (user-agent) to SLL HTTP proxy (encrypted)

    Since the traffic is being redirected (transparently) via school's
    content filter appliance (open-source product), does it make sense to
    enable proxy so that the appliance provides SSL & non-SSL tunneling
    CONNECT extension method, so that we can identify (via CONNECT) and
    filter traffic (via keyword). Is it a worthwhile effort?

    I can't see any other way to address proxy related traffic (google web
    accelerator as an example) which is currently bypasses our content
    filter based on egress traffic. Unless I perform deep packet inspection,
    look for incoming response, which might slow things down since filtering
    is being done in the software.

    I'm not sure what I can get out of SSL proxy packets since it creates
    a secure connection (encrypted session) between client and server but
    any thoughts will be greatly appreciated.

    The purpose of this is to inspect/block naughty sites which students
    access using third party proxies to bypass school's content filter(s).
    I'm trying to help a public school with this issue and any help will be
    awesome!

    Any pointers to any in-depth papers or books which talks about proxies
    in depth will be excellent.

    Appreciate your time/help.

    regards,
    /vicky

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Mark Tinberg: "Re: [fw-wiz] SSH brute force attack"

    Relevant Pages

    • Re: Afternoon scores ...
      ... McCain Falls Flat with Vets Group ..... ... same thing via a proxy on thier own PC - FOR FREE. ... to someone else.They can fine tune it any way THEY prefer. ... I can filter individuals but I would ...
      (rec.boats)
    • Re: Proxy - content filter related
      ... only able to filter based on the URL only. ... > Looking for some insight regarding dealing with proxy traffic. ... Unless I perform deep packet inspection, ... > access using third party proxies to bypass school's content filter. ...
      (Security-Basics)
    • Re: Blocking Access to web-based email
      ... > two different proxy servers, one filtered, and one ... > authentication, the other non-filtered proxy ... > full access can log into ProxyPro, ... It can filter IM by examining the packets, so it can't be fooled by falling ...
      (comp.security.firewalls)
    • Re: Afternoon scores ...
      ... McCain Falls Flat with Vets Group ..... ... same thing via a proxy on thier own PC - FOR FREE. ... to someone else.They can fine tune it any way THEY prefer. ... I can filter individuals but I would ...
      (rec.boats)
    • Re: Proxy Server - web filtering?
      ... A word filter is only going to be partially effective. ... Expanding it to include other detestable words, can end up blocking ... certain addresses, and you can use their block list, with a local proxy, ... and the Squid documentation has hints about blocking ...
      (alt.os.linux.redhat)
    • Quantcast