Security Basics mailing list archives
Re: Proxy Port detection
From: "Steve Crapo" <CrapoS () dor state fl us>
Date: Thu, 23 Dec 2004 14:46:25 -0500
URL requests that are not going through a proxy just request the subpage, such as " GET /index.html " in the HTTP header for example, they do not include the host site. When going through a proxy that is configured through a browser, the request includes the full URL "GET http://www.test.com/index.html " So you could filter outbound requests that include the full URL in the HTTP headers GET request. This will not help you if they use the web-based proxies like proxify.com or anonymizer.com though, you will have to block those sites manually by address. There is a way to grey out the proxy settings inside 'LAN settings' field so that the users can not change it as well. Desktop policies is out my area, but I found these REG keys in some articles on the web. Seems to work, but you would have to have a method of pushing registry changes to your users. [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] "Autoconfig"=dword:00000001 "Proxy"=dword:00000001 Setting these values to 1 greys them out, 0 unlocks it. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable"=dword:00000000 Setting it to 0 is no proxy enabled. Not foolproof, but probably helpful.
John Madden <chiwawa999 () yahoo com> 12/22/2004 10:45:07 AM >>>
Hi, In our enterprise we have URL filtering capabilities and we restrict the usual sites (Porn, Sports, Gambling etc..) We do not use a proxy, so everyone goes directly to the internet. I believe that some users put in their proxy settings an anonymous proxy using port 80 (which is obviously allowed) and in that manner avoid the restriction of the URL filtering. First thoughts: - Blocking all the anonymous proxy is imposible and would be a full time job - The use of a proxy is not an option right now Is there any way to detect this type of traffic (HTTP-Proxy) ? I'm sure someone had this problem before... Any help would be appreciated. Thanks __________________________________ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail
Current thread:
- Proxy Port detection John Madden (Dec 22)
- Re: Proxy Port detection Alexander Klimov (Dec 23)
- <Possible follow-ups>
- Re: Proxy Port detection Steve Crapo (Dec 23)
- Re: Proxy Port detection Ivan Coric (Dec 23)
- RE: Proxy Port detection Andrew Shore (Dec 23)