Blocking Ultrasurf and HTTPS proxies

Web filters are increasingly popular and are used to restrict internet access in many places. Their use has led to the creation of proxy sites and proxy software that can be used to bypass web filtering. Ultrasurf is one example of an application that bypasses web filters to gain access to sites that would otherwise have been blocked.

Both the applications and the proxy sites use HTTPS to connect to servers that then access the requested site and send it back to the user tunneled in an HTTPS connection. As HTTPS traffic is encrypted, the content cannot be seen by the filter and thus no filter rules can be applied to the content.

As more and more proxy locations are being added daily, blocking access to these sites using domain or URL blocking lists alone is not particularly efficient. SmoothWall recommends the following method:
  1. Do not use transparent proxying. Transparent proxying is fine for some purposes but is not adequate when access to HTTPS sites needs to be restricted. HTTPS cannot be transparently redirected like HTTP. For this reason alone the use of transparent proxying is not recommended by SmoothWall.

  2. Do not allow access to unauthorised HTTPS sites. SmoothWall web filters can block access to all HTTPS sites as a standard option. Create a list of HTTPS sites that are allowed and apply that as an allow list. This will block access to any HTTPS site that is not explicitly in your allow list and effectively block access to all HTTPS-based proxies.

  3. Do not allow direct web access. Use the option to block direct web access in Guardian or, better still, if finer control is needed, use the networking - outgoing section of the SmoothWall firewall to only allow access to the web ports for particular IPs or users.

  4. Block access to the category "Proxies" in Guardian. The Proxy category contains a list of known proxy IPs and URLs as well as the content filter list for proxy-related sites.
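
The default-deny decision behind step 2, sketched as an added example (this is not SmoothWall's code): with an explicit proxy, the browser names the HTTPS destination in a `CONNECT host:port` request, so the filter can decide on the hostname even though the content is encrypted. The function name, the allow-list entries and the sample targets are constructed for illustration, and the allow list is assumed to hold domain names only.

```python
import ipaddress

# Constructed allow list: an entry matches the domain itself and its subdomains.
ALLOWED_HTTPS_DOMAINS = {"example-bank.test", "webmail.example.test"}
ALLOWED_PORTS = {443}  # tunnels to any other port are refused


def connect_allowed(target, allowed=ALLOWED_HTTPS_DOMAINS):
    """Decide whether a CONNECT target ("host:port") may be tunnelled.

    Default deny: anything that is not positively matched is refused.
    """
    host, sep, port = target.strip().rpartition(":")
    if not sep or not port.isdecimal() or int(port) not in ALLOWED_PORTS:
        return False  # missing or malformed port, or a non-HTTPS port
    # Normalise: hostnames are case-insensitive and may carry a trailing dot.
    host = host.strip("[]").rstrip(".").lower()
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # bare IPv4/IPv6 literal: not an approved site name
    except ValueError:
        pass  # not an IP literal, continue with name matching
    # Match on label boundaries so "notexample-bank.test" does not pass.
    return any(host == d or host.endswith("." + d) for d in allowed)


if __name__ == "__main__":
    # Constructed sample CONNECT targets.
    samples = [
        "example-bank.test:443",
        "WWW.Example-Bank.TEST.:443",
        "unlisted-site.example.test:443",
        "203.0.113.10:443",
        "example-bank.test:8443",
        "notexample-bank.test:443",
    ]
    for s in samples:
        print(f"{s:35} {'ALLOW' if connect_allowed(s) else 'DENY'}")
```

The check only works when clients cannot reach the internet except through the proxy, which is why steps 1 and 3 accompany the allow list.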