Not everything--I'm looking for whitelist/blacklist filtering for /proxies alone/ to be added.

In this scenario, every time JoeBox processes an outbound HTTP request (as determined by L7 filtering), it looks to see if the request is to a whitelisted proxy.  If it is, it's allowed to proceed to the destination.

If not, the JoeBox checks to see if it's to a previously auto-blacklisted open proxy.  If it is, the connection attempt is blocked.  

If it's not, it's allowed to continue to the final test, which is the JoeBox checks to see if the connection attempt is to an open proxy (which it can do by trying to use it as one).  If it is an open proxy, the connection attempt is blocked and the host:port is written to the auto-blacklisted open proxy list (with an expiration date of 1d or so).

If it's not an open proxy, the connection attempt proceeds to its destination.  It's kinda convoluted written out, but I can probably scare up a flowchart or something if it still doesn't make sense.

This wouldn't solve all of them (e.g., the sites that just work as web apps so kids can look at Facebook as you said), but it would probably cut down on P2P-over-HTTP-proxy traffic in a way that I don't think L7 filtering alone will do.
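The decision flow laid out above, as an added example that is not part of the thread and not JoeBox or MECguard code. It assumes the L7 classifier has already identified an outbound HTTP request and hands the destination host:port to the filter; the open-proxy check ("trying to use it as one") is an injected callable, and the example caches negative results for the same expiry window as the auto-blacklist, following Kyle's "caches the result for a day or so". The clock, host names and probe table are constructed so the example runs offline.

```python
"""Whitelist -> auto-blacklist -> open-proxy probe, in the order the thread describes.

Added example; the class, its names and the sample hosts are assumptions,
not JoeBox/MECguard functionality.
"""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

HostPort = Tuple[str, int]
ONE_DAY = 24 * 60 * 60  # "expiration date of 1d or so"


@dataclass
class ProxyFilter:
    whitelist: Set[HostPort]                  # legitimate proxies (squid, dansguardian, ...)
    probe: Callable[[str, int], bool]         # True if host:port relays requests as an open proxy
    ttl: int = ONE_DAY                        # lifetime of auto-blacklist / clean-cache entries
    clock: Callable[[], float] = time.time    # injectable so expiry can be demonstrated
    _blacklist: Dict[HostPort, float] = field(default_factory=dict)   # host:port -> expiry time
    _known_clean: Dict[HostPort, float] = field(default_factory=dict) # host:port -> expiry time

    def _expire(self, now: float) -> None:
        # Drop entries whose expiry has passed so a host gets re-probed after ~1 day.
        for cache in (self._blacklist, self._known_clean):
            for key in [k for k, exp in cache.items() if exp <= now]:
                del cache[key]

    def decide(self, host: str, port: int) -> str:
        """Return the verdict for one outbound HTTP request to host:port."""
        key = (host.lower(), port)
        now = self.clock()
        self._expire(now)
        if key in self.whitelist:                 # 1. explicitly permitted proxy
            return "allow:whitelisted"
        if key in self._blacklist:                # 2. previously detected open proxy
            return "block:auto-blacklisted"
        if key in self._known_clean:              # cached negative probe result
            return "allow:cached"
        if self.probe(host, port):                # 3. live test: does it act as an open proxy?
            self._blacklist[key] = now + self.ttl
            return "block:open-proxy"
        self._known_clean[key] = now + self.ttl
        return "allow"


def run_example() -> Tuple[List[str], List[HostPort]]:
    """Walk a constructed sequence of requests through the filter.

    Returns (verdicts, probe_calls). The clock and probe table are constructed
    sample data, standing in for wall time and a real through-the-proxy fetch.
    """
    fake_now = [1_000_000.0]
    open_proxies = {("proxy.example.net", 8080)}  # constructed: the only host that relays
    probe_calls: List[HostPort] = []

    def fake_probe(host: str, port: int) -> bool:
        probe_calls.append((host, port))
        return (host, port) in open_proxies

    f = ProxyFilter(
        whitelist={("squid.school.example", 3128)},
        probe=fake_probe,
        clock=lambda: fake_now[0],
    )
    verdicts = [
        f.decide("squid.school.example", 3128),  # allow:whitelisted (never probed)
        f.decide("proxy.example.net", 8080),     # block:open-proxy (probed, then blacklisted)
        f.decide("proxy.example.net", 8080),     # block:auto-blacklisted (no second probe)
        f.decide("www.example.org", 80),         # allow (probed, clean)
        f.decide("www.example.org", 80),         # allow:cached (no second probe)
    ]
    fake_now[0] += ONE_DAY + 1                   # both cache entries expire
    verdicts.append(f.decide("proxy.example.net", 8080))  # block:open-proxy (re-probed)
    return verdicts, probe_calls


if __name__ == "__main__":
    for verdict in run_example()[0]:
        print(verdict)
```

The ordering matters for cost: the whitelist and blacklist lookups are cheap, so the probe, which needs a network round-trip through the candidate, only runs once per host:port per expiry window. Probing only hosts already classified as HTTP destinations by the L7 filter keeps the appliance from turning into a general scanner of every outbound connection.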

On Thursday, June 30, 2011 at 3:15 PM, Ray Soucy wrote:

I'm not exactly clear on what you're asking.

Are you suggesting that we block everything by default and only use
allow lists to permit access?

You can effectively do this by placing a "." on a line by itself in
your global block list, then creating entries for the sites you want
to allow in your allow list.

But coming up with a list of allowed sites would be a pretty big
challenge unless you want to be really restrictive.

Any usable commercial list for this sort of thing would likely be too
big to produce reasonable performance as well, which is likely why I'm
not aware of any that exist.

Most proxy sites used today are just web applications; each being
different; there isn't really a way to determine if it's an open proxy
or a proxy site without some AI that doesn't exist yet.

On a side note, the ".xxx" adult content domain has been approved. As
a result, you might want to stick ".xxx" in your global block list.

On Thu, Jun 30, 2011 at 2:00 PM, Kyle Green <[log in to unmask]> wrote:
It'd be nice if the JoeBox could be configured such that we can whitelist
acceptable proxies (for legitimate uses of squid or dansguardian or
whatever), and then it checks every further HTTP request to see if
it's an open proxy (and caches the result for a day or so).

Can that get put on the feature wish list? It just seems to me that
relying on set blacklists for this is going to result in us
perpetually being three steps behind.

Thanks.

On Jun 30, 2011, at 1:49 PM, Ray Soucy <[log in to unmask]> wrote:

Seth,

I contacted MecNet to see if they could look at additional sources for
their URL lists, and they have made an update.  I've applied the
update on your Joebox (the rest of users will get the update
overnight).

Do you notice any change?  Or is it still letting most through?

On Thu, Jun 30, 2011 at 7:47 AM, Seth Thompson <[log in to unmask]> wrote:
I have this enabled and the majority of proxies are still available.
Seth

On Mon, Jun 27, 2011 at 2:14 PM, Ray Soucy <[log in to unmask]> wrote:

"Sites with proxies to bypass filters" would be the MECguard category.
Have you tried enabling this for your group filter lists?  I'm not
sure how comprehensive the list is...

On Mon, Jun 27, 2011 at 1:48 PM, Ed Bourdeau
<[log in to unmask]> wrote:
Overall I am very happy with the JoeBox/MecGuard setup.  My number 1
input for future change is that you add a Proxy settings option to MecGuard.
By this I mean a more automated method to block proxies.  If you could
check a box, and have your choice of black lists that you could subscribe to,
this would make the filtering much more manageable.  Right now this is my #1
hole.

Thanks, Ed



Ed Bourdeau

Director of Technology

Erskine Academy

Tel. 1-207-445-2962-ext 125



--
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/



--
Seth H. Thompson
Technology Director
Regional School Unit No. 5
207-865-4706 x232


