Blocking Proxy/HTTP Tunneling servers

[Justin Dover <dover () HARPETHHALL ORG>]

I am curious to how you guys are handling these outside internet proxies that are allowing students
to access websites that you specially block.  My situation is we block a few websites via DNS
pointing the address to 127.0.0.1.  Students can use a number of different sites to access these
blocked web addresses.  A few examples are www.unipeak.com and www.virtual-browser.com.

Do you just get a list of all the ips and web addresses and just add them to your dns and firewall
ACLs?  Do you use a product like websense to handle all of this at a content level?  I hoping there
is another way besides blocking each proxy server by ip.  I am a huge fan of ACLs on my Cisco
ASA5510 but do not want to add several 100s just for this task.

Justin Dover
Harpeth Hall School
615-346-0082