https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158206#M77074 <HTML><HEAD></HEAD><BODY><P>For tunnelling applications or web traffic? If applications, then they are most probably using the HTTP CONNECT Method, there is a signature built into the Cisco IPS for that. You can set the action to Deny for that signature. But test it out before :). Also exclude your genuine proxy servers from this signature using Event Action Filters.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Thu, 28 May 2009 07:04:34 GMT Farrukh Haroon 2009-05-28T07:04:34Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158205#M77071 <P>ASA5520 with ASA-SSM-20. Currently using Websense product for Web filtering. Need to find a way for Firewall/SSM to track/block users using from using outside proxy servers using public IP address on port 80.</P> Sun, 10 Mar 2019 11:38:22 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158205#M77071 smartin 2019-03-10T11:38:22Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158206#M77074 <HTML><HEAD></HEAD><BODY><P>For tunnelling applications or web traffic? If applications, then they are most probably using the HTTP CONNECT Method, there is a signature built into the Cisco IPS for that. You can set the action to Deny for that signature. But test it out before :). Also exclude your genuine proxy servers from this signature using Event Action Filters.</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Thu, 28 May 2009 07:04:34 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158206#M77074 Farrukh Haroon 2009-05-28T07:04:34Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158207#M77077 <HTML><HEAD></HEAD><BODY><P>Is there a legitimate way of doing this for those who are tunneling HTTP traffic to avoid Websense? Obviously you can block the proxy sites in Websense, but there are so many new ones every day...</P></BODY></HTML> Thu, 28 May 2009 09:57:00 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158207#M77077 Christopher Bell 2009-05-28T09:57:00Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158208#M77079 <HTML><HEAD></HEAD><BODY><P>Well you can use an ACL to block all outgoing traffic on port 80/443 EXCEPT when its sourced from your proxy servers?</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Thu, 28 May 2009 13:10:04 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158208#M77079 Farrukh Haroon 2009-05-28T13:10:04Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158209#M77081 <HTML><HEAD></HEAD><BODY><P>We arn't using proxy servers. We need a way for the IPS sensor to report that someone is using an outside proxy... maybe some sort of long URL warning?</P></BODY></HTML> Thu, 28 May 2009 16:41:43 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158209#M77081 Christopher Bell 2009-05-28T16:41:43Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158210#M77082 <HTML><HEAD></HEAD><BODY><P>Add this statement to your ASA.</P><P></P><P>filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block </P><P></P><P></P></BODY></HTML> Thu, 28 May 2009 16:45:14 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158210#M77082 smartin 2009-05-28T16:45:14Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158211#M77083 <HTML><HEAD></HEAD><BODY><P>Do you really think this will block 'proxy avoidance sites'? Or just the proxies users put in their browser's?</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Fri, 29 May 2009 13:17:07 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158211#M77083 Farrukh Haroon 2009-05-29T13:17:07Z https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158212#M77084 <HTML><HEAD></HEAD><BODY><P>In my case Websense was able to block these sites &amp; the ASA command seems to be blocking IP address's when a user tries to bypass Websense when adding the IP address in IE.</P></BODY></HTML> Fri, 29 May 2009 13:42:17 GMT https://community.cisco.com/t5/network-security/block-proxy-avoidance-sites/m-p/1158212#M77084 smartin 2009-05-29T13:42:17Z