Tuesday, February 24, 2009

How To Block Websites And Client Software

How To Block Websites And Client Software That Bypass Filtering With Safe Squid

Anonymous proxies are the easiest and most popular way for users to bypass an organization's Internet filtering. Another popular method is to install tunneling software and surf through it. Once connected, users can reach any website completely unmonitored, even if the site is blocked by the organization's web filter.

Relying on URL blacklists to block such access helps, but it is too little, too late. Keyword filtering helps block websites in real time, even when they are accessed through anonymous proxy sites, provided the connection is not HTTPS: such connections are encrypted and cannot be filtered. Most installable software for bypassing filters also makes HTTPS connections, which is why it is so successful.

The first thing an organization needs to do is completely block CONNECT requests (HTTPS), except to valid, business-related sites. The allowed list should then be built over time, as and when users request access to valid HTTPS sites. This renders all HTTPS proxies and software that creates HTTPS tunnels useless. This tutorial explains how to do so with SafeSquid.
 
In the SafeSquid interface, go to Config => Profiles section, and add the following rule:

Option                   Value
Enabled                  true
Comment                  Block all CONNECT Requests
Enable Profile Tracing   false
Protocol                 ^connect$
Time match mode          absolutetime
Added Profiles           BLOCK-HTTPS

The above rule adds the profile BLOCK-HTTPS to all CONNECT requests.
 
Option                   Value
Enabled                  true
Comment                  Block access on Port 443
Enable Profile Tracing   false
Port range list          443
Time match mode          absolutetime
Added Profiles           BLOCK-HTTPS

This rule also adds the profile BLOCK-HTTPS to all requests made for Port 443 (HTTPS).
 
Next, go to Config => URL filter section, and block the profile BLOCK-HTTPS by adding this rule under the Deny subsection.
(Make sure that the section has been enabled: Enable = Yes and Policy = Allow.)

Option                   Value
Enabled                  true
Comment                  Block requests with BLOCK-HTTPS profile.
Profiles                 BLOCK-HTTPS

This rule will block all requests that carry the BLOCK-HTTPS profile, i.e. all CONNECT and HTTPS requests.

Now when you try to open an HTTPS website in your browser, you will get the URL Filter error template, saying that the site is blocked. So we have successfully blocked all HTTPS connections. Users will neither be able to access HTTPS proxy sites, nor use software that creates HTTPS tunnels through the SafeSquid proxy.

The next thing to do is to allow valid, business-related HTTPS websites.
Again go to Config => Profiles section, and add the following rule:

Option                   Value
Enabled                  true
Comment                  Allow valid HTTPS sites, specified in Host below
Enable Profile Tracing   false
Host                     (netbanking\.hdfcbank\.com|axisbank\.com|axisbank\.co\.in|kotak\.com|.*\.google\..*)
Time match mode          absolutetime
Removed profiles         BLOCK-HTTPS

The above rule REMOVES the profile BLOCK-HTTPS from requests made to websites specified in the Host field.
Try opening any of these sites and you will find that they now load. You can keep adding valid sites to the Host field as and when you get requests from users and you have checked out the websites. If the Host field gets too long, just click on Clone under the rule. This will create a duplicate rule. Edit the cloned rule, blank the Host field, and add new hosts. This concludes the tutorial.
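
The Host value in the allow rule is a regular expression, so it is worth checking which hostnames it actually exempts from BLOCK-HTTPS before adding to it. The following is an added example, not part of the original tutorial or of SafeSquid: it uses Python's `re` module as a stand-in for SafeSquid's matcher (the page does not state whether the Host field is matched as a substring or as a whole string, so both are modelled), and the sample hostnames and the tightened pattern are constructed assumptions.

```python
import re

# Host pattern exactly as given in the tutorial's allow rule.
PAGE_PATTERN = (r"(netbanking\.hdfcbank\.com|axisbank\.com|axisbank\.co\.in"
                r"|kotak\.com|.*\.google\..*)")

# Tightened variant (an assumption, not from the tutorial): anchored at both
# ends, subdomains allowed explicitly, Google limited to listed suffixes.
STRICT_PATTERN = (
    r"^(netbanking\.hdfcbank\.com"
    r"|([a-z0-9-]+\.)*axisbank\.(com|co\.in)"
    r"|([a-z0-9-]+\.)*kotak\.com"
    r"|([a-z0-9-]+\.)*google\.(com|co\.in))$"
)

# Constructed sample hostnames; the last three are not on the intended list.
SAMPLE_HOSTS = [
    "netbanking.hdfcbank.com",
    "www.axisbank.com",
    "mail.google.com",
    "www.google.co.in",
    "tunnel.google.example.net",   # "google" is only a middle label
    "axisbank.com.example.org",    # allowed name used as a prefix
    "notkotak.com",                # allowed name used as a suffix
]

def allowed_hosts(pattern, hosts, anchored):
    """Return the hosts that the pattern would exempt from BLOCK-HTTPS.

    anchored=False models substring matching (re.search);
    anchored=True models whole-string matching (re.fullmatch).
    """
    rx = re.compile(pattern, re.IGNORECASE)
    match = rx.fullmatch if anchored else rx.search
    return [h for h in hosts if match(h)]

if __name__ == "__main__":
    for label, pat in (("page", PAGE_PATTERN), ("strict", STRICT_PATTERN)):
        for anchored in (False, True):
            mode = "whole-string" if anchored else "substring"
            print(f"{label:6} {mode:12}",
                  allowed_hosts(pat, SAMPLE_HOSTS, anchored))
```

Under substring matching the tutorial's pattern exempts all seven sample hosts, and under whole-string matching it still exempts `tunnel.google.example.net` while rejecting `www.axisbank.com`; the anchored pattern exempts only the first four hosts in either mode.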

 
posted by Our Respectable Lassy
