Block VPN access like hola.org ,ultrasurf

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Block VPN access like hola.org ,ultrasurf

reetika
Hi,

I have working trasparent squid , Some users are using proxy vpn in moziilla as addon and bypassing my squid, Please tell me how to block all hola.org vpn and ulrta surf, I have already blocked websites,but seems not working.

Please let me know how to block these vpn access.


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Block VPN access like hola.org ,ultrasurf

Yuri Voinov

Not with squid, man.

Only on Cisco/another router by IP.

ip access-list extended TO_INET
 remark Hamachi
 deny   ip 25.0.0.0 0.255.255.255 any
 deny   ip 64.34.106.0 0.0.0.255 any
 deny   ip any host 69.25.21.195
 deny   ip any host 74.201.75.195
 deny   ip any host 146.255.195.92
 remark ZenMate servers
 deny   ip any 162.159.244.0 0.0.0.255
 deny   ip any 78.137.96.0 0.0.7.255
 deny   ip any 46.165.192.0 0.0.63.255
 deny   ip any 207.244.64.0 0.0.63.255
 deny   ip any 178.162.128.0 0.0.127.255
 deny   ip any 179.43.128.0 0.0.31.255
 deny   ip any 88.150.192.0 0.0.31.255
 deny   ip any 31.7.56.0 0.0.7.255
 deny   ip any 185.12.44.0 0.0.3.255
 deny   ip any 103.10.197.0 0.0.0.255
 deny   ip any 37.58.48.0 0.0.15.255
 deny   ip any 5.152.192.0 0.0.31.255
 deny   ip any 81.17.16.0 0.0.15.255
 deny   ip any 199.115.112.0 0.0.7.255
 deny   ip any 103.10.199.0 0.0.0.255
 remark Opera Turbo servers
 deny   ip any 37.228.104.0 0.0.7.255
 deny   ip any 141.0.8.0 0.0.7.255
 deny   ip any 82.145.208.0 0.0.15.255
 deny   ip any 195.189.142.0 0.0.1.255
 deny   ip any 185.26.180.0 0.0.3.255
 remark Ultrasurf port
 deny   tcp any any eq 9666
 remark Hola
 deny   ip any host 107.22.193.119
 deny   ip any host 54.225.121.9
 deny   ip any host 54.225.227.202
 deny   ip any host 54.243.128.120
 deny   tcp any any eq 6851
 deny   tcp any any eq 6861
 deny   ip any 107.155.75.0 0.0.0.255
 deny   ip any 103.18.42.0 0.0.0.255
 deny   ip any 103.27.232.0 0.0.0.255
 deny   ip any 103.4.16.0 0.0.0.255
 deny   ip any 103.6.87.0 0.0.0.255
 deny   ip any 104.131.128.0 0.0.15.255
 deny   ip any 106.185.0.0 0.0.127.255
 deny   ip any 106.186.64.0 0.0.63.255
 deny   ip any 106.187.0.0 0.0.63.255
 deny   ip any 107.155.85.0 0.0.0.255
 deny   ip any 107.161.144.0 0.0.7.255
 deny   ip any 107.170.0.0 0.0.127.255
 deny   ip any 107.181.166.0 0.0.0.255
 deny   ip any 107.190.128.0 0.0.15.255
 deny   ip any 107.191.100.0 0.0.3.255
 deny   ip any 108.61.208.0 0.0.1.255
 deny   ip any 109.74.192.0 0.0.15.255
 deny   ip any 128.199.128.0 0.0.63.255
 deny   ip any 14.136.236.0 0.0.0.255
 deny   ip any 149.154.157.0 0.0.0.255
 deny   ip any 149.62.168.0 0.0.3.255
 deny   ip any 151.236.18.0 0.0.0.255
 deny   ip any 158.255.208.0 0.0.0.255
 deny   ip any 162.213.197.0 0.0.0.255
 deny   ip any 162.217.132.0 0.0.3.255
 deny   ip any 162.218.92.0 0.0.1.255
 deny   ip any 162.221.180.0 0.0.1.255
 deny   ip any 162.243.0.0 0.0.127.255
 deny   ip any 167.88.112.0 0.0.3.255
 deny   ip any 168.235.64.0 0.0.3.255
 deny   ip any 173.255.192.0 0.0.15.255
 deny   ip any 176.58.96.0 0.0.31.255
 deny   ip any 176.9.0.0 0.0.255.255
 deny   ip any 177.67.81.0 0.0.0.255
 deny   ip any 178.209.32.0 0.0.31.255
 deny   ip any 178.79.128.0 0.0.63.255
 deny   ip any 192.110.160.0 0.0.0.255
 deny   ip any 192.121.112.0 0.0.0.255
 deny   ip any 192.184.80.0 0.0.7.255
 deny   ip any 192.211.49.0 0.0.0.255
 deny   ip any 192.241.160.0 0.0.31.255
 deny   ip any 192.30.32.0 0.0.3.255
 deny   ip any 192.34.56.0 0.0.7.255
 deny   ip any 192.40.56.0 0.0.0.255
 deny   ip any 192.73.232.0 0.0.7.255
 deny   ip any 192.81.208.0 0.0.7.255
 deny   ip any 192.99.0.0 0.0.255.255
 deny   ip any 198.147.20.0 0.0.0.255
 deny   ip any 198.211.96.0 0.0.15.255
 deny   ip any 198.58.96.0 0.0.31.255
 deny   ip any 199.241.28.0 0.0.3.255
 deny   ip any 208.68.36.0 0.0.3.255
 deny   ip any 209.222.30.0 0.0.0.255
 deny   ip any 213.229.64.0 0.0.63.255
 deny   ip any 217.170.192.0 0.0.15.255
 deny   ip any 217.78.0.0 0.0.15.255
 deny   ip any 23.227.160.0 0.0.0.255
 deny   ip any 23.249.168.0 0.0.1.255
 deny   ip any 23.29.124.0 0.0.0.255
 deny   ip any 31.193.128.0 0.0.15.255
 deny   ip any 31.220.24.0 0.0.3.255
 deny   ip any 37.139.0.0 0.0.31.255
 deny   ip any 37.235.52.0 0.0.0.255
 deny   ip any 41.215.240.0 0.0.0.255
 deny   ip any 41.223.52.0 0.0.0.255
 deny   ip any 46.17.56.0 0.0.7.255
 deny   ip any 46.19.136.0 0.0.7.255
 deny   ip any 46.246.0.0 0.0.127.255
 deny   ip any 46.38.48.0 0.0.7.255
 deny   ip any 46.4.0.0 0.0.255.255
 deny   ip any 5.9.0.0 0.0.255.255
 deny   ip any 50.116.32.0 0.0.15.255
 deny   ip any 66.85.128.0 0.0.63.255
 deny   ip any 74.82.192.0 0.0.31.255
 deny   ip any 77.237.248.0 0.0.1.255
 deny   ip any 81.4.108.0 0.0.3.255
 deny   ip any 85.234.128.0 0.0.31.255
 deny   ip any 88.150.156.0 0.0.3.255
 deny   ip any 91.186.0.0 0.0.31.255
 deny   ip any 92.222.0.0 0.0.255.255
 deny   ip any 92.48.64.0 0.0.63.255
 deny   ip any 94.76.192.0 0.0.63.255
 deny   ip any 95.215.44.0 0.0.3.255
 deny   ip any 96.126.96.0 0.0.7.255
 remark Browsec
 deny   ip any 178.62.64.0 0.0.63.255
 deny   ip any 178.62.0.0 0.0.63.255
 deny   ip any 46.101.0.0 0.0.63.255
 deny   ip any 5.101.111.0 0.0.0.255
 deny   ip any 45.55.96.0 0.0.31.255
 deny   ip any 45.55.192.0 0.0.63.255
 deny   ip any 45.55.128.0 0.0.63.255
 deny   ip any 162.243.188.0 0.0.1.255
 deny   ip any 162.243.176.0 0.0.7.255
 deny   ip any 104.236.64.0 0.0.63.255
 deny   ip any 104.236.192.0 0.0.63.255
 deny   ip any 104.236.0.0 0.0.63.255
 deny   ip any 104.131.64.0 0.0.63.255
 deny   ip any 104.131.176.0 0.0.15.255
 deny   ip any 104.131.160.0 0.0.15.255
 deny   ip any 104.131.0.0 0.0.63.255
 deny   ip any 198.199.96.0 0.0.15.255
 deny   ip any 198.199.92.0 0.0.3.255
 deny   ip any 198.199.112.0 0.0.7.255
 deny   ip any 192.241.224.0 0.0.15.255
 deny   ip any 192.241.192.0 0.0.31.255
 deny   ip any 162.243.128.0 0.0.31.255
 deny   ip any 107.170.192.0 0.0.63.255
 deny   ip any 104.236.128.0 0.0.63.255
 deny   ip any 104.131.144.0 0.0.15.255
 deny   ip any 95.85.0.0 0.0.63.255
 deny   ip any 80.240.128.0 0.0.15.255
 deny   ip any 5.101.96.0 0.0.7.255
 deny   ip any 5.101.104.0 0.0.3.255
 deny   ip any 188.226.128.0 0.0.127.255
 deny   ip any 178.62.128.0 0.0.63.255
 deny   ip any 146.185.184.0 0.0.7.255
 deny   ip any 5.101.110.0 0.0.0.255
 deny   ip any 188.166.64.0 0.0.63.255
 deny   ip any 188.166.0.0 0.0.63.255
 deny   ip any 178.62.192.0 0.0.63.255
 deny   ip any 128.199.32.0 0.0.31.255
 deny   ip any 192.241.240.0 0.0.15.255
 deny   ip any 162.243.192.0 0.0.63.255
 deny   ip any 162.243.191.0 0.0.0.255
 deny   ip any 107.170.160.0 0.0.31.255
 deny   ip any 107.170.128.0 0.0.31.255
 deny   ip any 104.131.224.0 0.0.31.255
 deny   ip any 104.131.192.0 0.0.31.255
 deny   ip any 128.199.64.0 0.0.63.255
 deny   ip any 128.199.192.0 0.0.63.255
 deny   ip any 103.253.144.0 0.0.3.255
 remark Stealthy
 deny   ip any 118.97.128.0 0.0.15.255
 deny   ip any 41.231.0.0 0.0.255.255
 deny   ip any 195.154.0.0 0.0.255.255
 remark Finally pass internal LAN to NAT
 permit ip 192.168.0.0 0.0.255.255 any

Hope this helps.

29.04.16 16:33, Reet Vyas пишет:
Hi,

I have working trasparent squid , Some users are using proxy vpn in moziilla as addon and bypassing my squid, Please tell me how to block all hola.org vpn and ulrta surf, I have already blocked websites,but seems not working.

Please let me know how to block these vpn access.



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Block VPN access like hola.org ,ultrasurf

Yuri Voinov
In reply to this post by reetika

Not with squid, man.

Only on Cisco/another router by IP.

ip access-list extended TO_INET
 remark Hamachi
 deny   ip 25.0.0.0 0.255.255.255 any
 deny   ip 64.34.106.0 0.0.0.255 any
 deny   ip any host 69.25.21.195
 deny   ip any host 74.201.75.195
 deny   ip any host 146.255.195.92
 remark ZenMate servers
 deny   ip any 162.159.244.0 0.0.0.255
 deny   ip any 78.137.96.0 0.0.7.255
 deny   ip any 46.165.192.0 0.0.63.255
 deny   ip any 207.244.64.0 0.0.63.255
 deny   ip any 178.162.128.0 0.0.127.255
 deny   ip any 179.43.128.0 0.0.31.255
 deny   ip any 88.150.192.0 0.0.31.255
 deny   ip any 31.7.56.0 0.0.7.255
 deny   ip any 185.12.44.0 0.0.3.255
 deny   ip any 103.10.197.0 0.0.0.255
 deny   ip any 37.58.48.0 0.0.15.255
 deny   ip any 5.152.192.0 0.0.31.255
 deny   ip any 81.17.16.0 0.0.15.255
 deny   ip any 199.115.112.0 0.0.7.255
 deny   ip any 103.10.199.0 0.0.0.255
 remark Opera Turbo servers
 deny   ip any 37.228.104.0 0.0.7.255
 deny   ip any 141.0.8.0 0.0.7.255
 deny   ip any 82.145.208.0 0.0.15.255
 deny   ip any 195.189.142.0 0.0.1.255
 deny   ip any 185.26.180.0 0.0.3.255
 remark Ultrasurf port
 deny   tcp any any eq 9666
 remark Hola
 deny   ip any host 107.22.193.119
 deny   ip any host 54.225.121.9
 deny   ip any host 54.225.227.202
 deny   ip any host 54.243.128.120
 deny   tcp any any eq 6851
 deny   tcp any any eq 6861
 deny   ip any 107.155.75.0 0.0.0.255
 deny   ip any 103.18.42.0 0.0.0.255
 deny   ip any 103.27.232.0 0.0.0.255
 deny   ip any 103.4.16.0 0.0.0.255
 deny   ip any 103.6.87.0 0.0.0.255
 deny   ip any 104.131.128.0 0.0.15.255
 deny   ip any 106.185.0.0 0.0.127.255
 deny   ip any 106.186.64.0 0.0.63.255
 deny   ip any 106.187.0.0 0.0.63.255
 deny   ip any 107.155.85.0 0.0.0.255
 deny   ip any 107.161.144.0 0.0.7.255
 deny   ip any 107.170.0.0 0.0.127.255
 deny   ip any 107.181.166.0 0.0.0.255
 deny   ip any 107.190.128.0 0.0.15.255
 deny   ip any 107.191.100.0 0.0.3.255
 deny   ip any 108.61.208.0 0.0.1.255
 deny   ip any 109.74.192.0 0.0.15.255
 deny   ip any 128.199.128.0 0.0.63.255
 deny   ip any 14.136.236.0 0.0.0.255
 deny   ip any 149.154.157.0 0.0.0.255
 deny   ip any 149.62.168.0 0.0.3.255
 deny   ip any 151.236.18.0 0.0.0.255
 deny   ip any 158.255.208.0 0.0.0.255
 deny   ip any 162.213.197.0 0.0.0.255
 deny   ip any 162.217.132.0 0.0.3.255
 deny   ip any 162.218.92.0 0.0.1.255
 deny   ip any 162.221.180.0 0.0.1.255
 deny   ip any 162.243.0.0 0.0.127.255
 deny   ip any 167.88.112.0 0.0.3.255
 deny   ip any 168.235.64.0 0.0.3.255
 deny   ip any 173.255.192.0 0.0.15.255
 deny   ip any 176.58.96.0 0.0.31.255
 deny   ip any 176.9.0.0 0.0.255.255
 deny   ip any 177.67.81.0 0.0.0.255
 deny   ip any 178.209.32.0 0.0.31.255
 deny   ip any 178.79.128.0 0.0.63.255
 deny   ip any 192.110.160.0 0.0.0.255
 deny   ip any 192.121.112.0 0.0.0.255
 deny   ip any 192.184.80.0 0.0.7.255
 deny   ip any 192.211.49.0 0.0.0.255
 deny   ip any 192.241.160.0 0.0.31.255
 deny   ip any 192.30.32.0 0.0.3.255
 deny   ip any 192.34.56.0 0.0.7.255
 deny   ip any 192.40.56.0 0.0.0.255
 deny   ip any 192.73.232.0 0.0.7.255
 deny   ip any 192.81.208.0 0.0.7.255
 deny   ip any 192.99.0.0 0.0.255.255
 deny   ip any 198.147.20.0 0.0.0.255
 deny   ip any 198.211.96.0 0.0.15.255
 deny   ip any 198.58.96.0 0.0.31.255
 deny   ip any 199.241.28.0 0.0.3.255
 deny   ip any 208.68.36.0 0.0.3.255
 deny   ip any 209.222.30.0 0.0.0.255
 deny   ip any 213.229.64.0 0.0.63.255
 deny   ip any 217.170.192.0 0.0.15.255
 deny   ip any 217.78.0.0 0.0.15.255
 deny   ip any 23.227.160.0 0.0.0.255
 deny   ip any 23.249.168.0 0.0.1.255
 deny   ip any 23.29.124.0 0.0.0.255
 deny   ip any 31.193.128.0 0.0.15.255
 deny   ip any 31.220.24.0 0.0.3.255
 deny   ip any 37.139.0.0 0.0.31.255
 deny   ip any 37.235.52.0 0.0.0.255
 deny   ip any 41.215.240.0 0.0.0.255
 deny   ip any 41.223.52.0 0.0.0.255
 deny   ip any 46.17.56.0 0.0.7.255
 deny   ip any 46.19.136.0 0.0.7.255
 deny   ip any 46.246.0.0 0.0.127.255
 deny   ip any 46.38.48.0 0.0.7.255
 deny   ip any 46.4.0.0 0.0.255.255
 deny   ip any 5.9.0.0 0.0.255.255
 deny   ip any 50.116.32.0 0.0.15.255
 deny   ip any 66.85.128.0 0.0.63.255
 deny   ip any 74.82.192.0 0.0.31.255
 deny   ip any 77.237.248.0 0.0.1.255
 deny   ip any 81.4.108.0 0.0.3.255
 deny   ip any 85.234.128.0 0.0.31.255
 deny   ip any 88.150.156.0 0.0.3.255
 deny   ip any 91.186.0.0 0.0.31.255
 deny   ip any 92.222.0.0 0.0.255.255
 deny   ip any 92.48.64.0 0.0.63.255
 deny   ip any 94.76.192.0 0.0.63.255
 deny   ip any 95.215.44.0 0.0.3.255
 deny   ip any 96.126.96.0 0.0.7.255
 remark Browsec
 deny   ip any 178.62.64.0 0.0.63.255
 deny   ip any 178.62.0.0 0.0.63.255
 deny   ip any 46.101.0.0 0.0.63.255
 deny   ip any 5.101.111.0 0.0.0.255
 deny   ip any 45.55.96.0 0.0.31.255
 deny   ip any 45.55.192.0 0.0.63.255
 deny   ip any 45.55.128.0 0.0.63.255
 deny   ip any 162.243.188.0 0.0.1.255
 deny   ip any 162.243.176.0 0.0.7.255
 deny   ip any 104.236.64.0 0.0.63.255
 deny   ip any 104.236.192.0 0.0.63.255
 deny   ip any 104.236.0.0 0.0.63.255
 deny   ip any 104.131.64.0 0.0.63.255
 deny   ip any 104.131.176.0 0.0.15.255
 deny   ip any 104.131.160.0 0.0.15.255
 deny   ip any 104.131.0.0 0.0.63.255
 deny   ip any 198.199.96.0 0.0.15.255
 deny   ip any 198.199.92.0 0.0.3.255
 deny   ip any 198.199.112.0 0.0.7.255
 deny   ip any 192.241.224.0 0.0.15.255
 deny   ip any 192.241.192.0 0.0.31.255
 deny   ip any 162.243.128.0 0.0.31.255
 deny   ip any 107.170.192.0 0.0.63.255
 deny   ip any 104.236.128.0 0.0.63.255
 deny   ip any 104.131.144.0 0.0.15.255
 deny   ip any 95.85.0.0 0.0.63.255
 deny   ip any 80.240.128.0 0.0.15.255
 deny   ip any 5.101.96.0 0.0.7.255
 deny   ip any 5.101.104.0 0.0.3.255
 deny   ip any 188.226.128.0 0.0.127.255
 deny   ip any 178.62.128.0 0.0.63.255
 deny   ip any 146.185.184.0 0.0.7.255
 deny   ip any 5.101.110.0 0.0.0.255
 deny   ip any 188.166.64.0 0.0.63.255
 deny   ip any 188.166.0.0 0.0.63.255
 deny   ip any 178.62.192.0 0.0.63.255
 deny   ip any 128.199.32.0 0.0.31.255
 deny   ip any 192.241.240.0 0.0.15.255
 deny   ip any 162.243.192.0 0.0.63.255
 deny   ip any 162.243.191.0 0.0.0.255
 deny   ip any 107.170.160.0 0.0.31.255
 deny   ip any 107.170.128.0 0.0.31.255
 deny   ip any 104.131.224.0 0.0.31.255
 deny   ip any 104.131.192.0 0.0.31.255
 deny   ip any 128.199.64.0 0.0.63.255
 deny   ip any 128.199.192.0 0.0.63.255
 deny   ip any 103.253.144.0 0.0.3.255
 remark Stealthy
 deny   ip any 118.97.128.0 0.0.15.255
 deny   ip any 41.231.0.0 0.0.255.255
 deny   ip any 195.154.0.0 0.0.255.255
 remark Finally pass internal LAN to NAT
 permit ip 192.168.0.0 0.0.255.255 any

Hope this helps.
29.04.16 16:33, Reet Vyas пишет:
Hi,

I have working trasparent squid , Some users are using proxy vpn in moziilla as addon and bypassing my squid, Please tell me how to block all hola.org vpn and ulrta surf, I have already blocked websites,but seems not working.

Please let me know how to block these vpn access.



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Block VPN access like hola.org ,ultrasurf

Yuri Voinov
In reply to this post by reetika

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
The another option is using advanced DPI with database. Like China government uses.

Squid itself can't.

29.04.16 16:33, Reet Vyas пишет:
> Hi,
>
> I have working trasparent squid , Some users are using proxy vpn in moziilla as addon and bypassing my squid, Please tell me how to block all hola.org <http://hola.org> vpn and ulrta surf, I have already blocked websites,but seems not working.
>
> Please let me know how to block these vpn access.
>
>
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXI4asAAoJENNXIZxhPexGNfAIALiyG5lIwMpH198p6JJOjp+9
g2TvYj17NTsiMePao1omhf+yYvIYQNrQ1YRyPFQ5ax5eJX7yd5YwhvwewobGZjwR
xhhJIo3DS6XGKijHwKlVekhZ6lCP/eoph3r02zTKv1dpF4nuAVRRImLL//XKjyir
h4yyrK65TCzJsbKL7qe9n7/k0BLNUm5eXiER2KJbfXDzFnjaN62VKxVN1Apw11EQ
xpKa1TrH+rjyzyrd2la/S8On0G771rIRj80bl1q6IHA4+74qSmRm/gVyibDosGA3
JFmeG4DU1wt280zoTZJFv7GSAGl7PqL8Shp2LDUVt499ylxua+jhF3ahzWLetjg=
=r/mv
-----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Block VPN access like hola.org ,ultrasurf

babajaga
This post has NOT been accepted by the mailing list yet.
In reply to this post by reetika
As Yuri gave you the IP-List, use it for blocking with iptables+ipset.
 
Reply | Threaded
Open this post in threaded view
|

Re: Block VPN access like hola.org ,ultrasurf

Yuri Voinov
In reply to this post by Yuri Voinov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
AFAIK,

every proxy admin faced with excessively smart users who want to bypass a proxy. If you think that this is not true in your case - it means you not know yet. While you suffer prince Hamlet's ethical dilemma - "To bump or not to bump - that is a serious matter", your smart-ass users will shamelessly use every possible tools and methods to step over you and wipe they feet on the your proxy.

I am deeply sorry for you, but to solve this problem by means of a Squid is not possible. It is necessary to take into account the existence of Tor, VPN, URL shorteners, Google Translate (Yea, it also uses for bypassing proxy!), SOCKS, http/https anonymizers etc. This is not easy and not simple. This battle occurs every day.

I deliberately do not mention really advanced techniques of hiding one type of traffic inside the other and another hacker's tools. VPN is a strong, but not the last tool to ignore the proxy server if it does not exist at all. And you can be sure your users will not miss them.

And in the fight against shield and sword sword usually wins.

Only a proxy in this issue is not worth little or nothing. Only trained administrator with experienced network administrator and two pairs bodied brain can more or less hinder the  life of these smart-ass users.

This day-by-day battle is significant part of IT security, which is not product, but process.

Hard luck,
                 Yuri

29.04.16 22:07, Yuri Voinov пишет:
>
> The another option is using advanced DPI with database. Like China government uses.
>
> Squid itself can't.
>
> 29.04.16 16:33, Reet Vyas пишет:
> > Hi,
>
>
>
>       > I have working trasparent squid , Some users are using proxy
>       vpn in moziilla as addon and bypassing my squid, Please tell me
>       how to block all hola.org <http://hola.org> vpn and ulrta
>       surf, I have already blocked websites,but seems not working.
>
>
>
>       > Please let me know how to block these vpn access.
>
>
>
>
>
>
>
>       > _______________________________________________
>
>       > squid-users mailing list
>
>       > [hidden email]
>
>       > http://lists.squid-cache.org/listinfo/squid-users
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXI9qIAAoJENNXIZxhPexGISAH/ivV0JV6zUhN5C85GubgI3or
EZJgL706JL+Q6CasmYF/88gau/j7EwYW+mtJ9EzdMGVo5lGkQW3Y/y6SjAmCdtI3
J4eJMGIqi8mQRzfx55HGEv2cXHsYh3hxcBcBay4YHM9NFcXW/xMqsnwrkICULI6b
mu91LERDiH5iBn9cT1qquKoTV8rg5E1eb6ZATA8r6VYRoZutzHN5/v4eww1ogxmc
cE+DVzEcK5VJYFtfUHEyOCO785Xu1TSCctmmvzjrv2SpBQcgxJJ6pSrDrk+Qw614
g50IJz26t0zqlrC/Z+LU0SeAgW7iboPID5yA/3bxWLSnupex3W93lwlPSJu48Pg=
=V6pf
-----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x613DEC46.asc (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Block VPN access like hola.org ,ultrasurf

reetika
Thanks so much for detailed explanation, will try cisco thing and will check if it gets working

On Sat, Apr 30, 2016 at 3:34 AM, Yuri Voinov <[hidden email]> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
AFAIK,

every proxy admin faced with excessively smart users who want to bypass a proxy. If you think that this is not true in your case - it means you not know yet. While you suffer prince Hamlet's ethical dilemma - "To bump or not to bump - that is a serious matter", your smart-ass users will shamelessly use every possible tools and methods to step over you and wipe they feet on the your proxy.

I am deeply sorry for you, but to solve this problem by means of a Squid is not possible. It is necessary to take into account the existence of Tor, VPN, URL shorteners, Google Translate (Yea, it also uses for bypassing proxy!), SOCKS, http/https anonymizers etc. This is not easy and not simple. This battle occurs every day.

I deliberately do not mention really advanced techniques of hiding one type of traffic inside the other and another hacker's tools. VPN is a strong, but not the last tool to ignore the proxy server if it does not exist at all. And you can be sure your users will not miss them.

And in the fight against shield and sword sword usually wins.

Only a proxy in this issue is not worth little or nothing. Only trained administrator with experienced network administrator and two pairs bodied brain can more or less hinder the  life of these smart-ass users.

This day-by-day battle is significant part of IT security, which is not product, but process.

Hard luck,
                 Yuri

29.04.16 22:07, Yuri Voinov пишет:
>
> The another option is using advanced DPI with database. Like China government uses.
>
> Squid itself can't.
>
> 29.04.16 16:33, Reet Vyas пишет:
> > Hi,
>
>
>
>       > I have working trasparent squid , Some users are using proxy
>       vpn in moziilla as addon and bypassing my squid, Please tell me
>       how to block all hola.org <http://hola.org> vpn and ulrta
>       surf, I have already blocked websites,but seems not working.
>
>
>
>       > Please let me know how to block these vpn access.
>
>
>
>
>
>
>
>       > _______________________________________________
>
>       > squid-users mailing list
>
>       > [hidden email]
>
>       > http://lists.squid-cache.org/listinfo/squid-users
>
>


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXI9qIAAoJENNXIZxhPexGISAH/ivV0JV6zUhN5C85GubgI3or
EZJgL706JL+Q6CasmYF/88gau/j7EwYW+mtJ9EzdMGVo5lGkQW3Y/y6SjAmCdtI3
J4eJMGIqi8mQRzfx55HGEv2cXHsYh3hxcBcBay4YHM9NFcXW/xMqsnwrkICULI6b
mu91LERDiH5iBn9cT1qquKoTV8rg5E1eb6ZATA8r6VYRoZutzHN5/v4eww1ogxmc
cE+DVzEcK5VJYFtfUHEyOCO785Xu1TSCctmmvzjrv2SpBQcgxJJ6pSrDrk+Qw614
g50IJz26t0zqlrC/Z+LU0SeAgW7iboPID5yA/3bxWLSnupex3W93lwlPSJu48Pg=
=V6pf
-----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users