header filter !

I suggest that you just purchase a Firewall that has websense or web-blocker function available. Most of them allow you to configure multiple blocking rules for different areas of the network. I'm partial to WatchGuard Firebox units.

Leythos

Hi,

Try using Trendmicro Web Security Suite. It blocks users from accessing illegal sites.

snipped-for-privacy@w-manager.com

kongyew

Hi all, I work in a company; they want a packet filter system for their gateway. Their users may want to set a proxy (all proxy servers are open). I am looking for firewall software that listens for all packets; if the HTTP request header contains (for example sex, violence ...) then it forwards the request to our proxy server, and my proxy server simply blocks it.

For example, a user may set an anonymous proxy in his browser, but when he wants to see illegal sites, the firewall forwards his request to my proxy server!

What do you suggest? Thanks

Kind Regards SAber Khamooshi

SAber Khamooshi

Hello Saber

I suggest using iptables as a firewall / router.

You can configure iptables to forward all HTTP requests to a proxy.

Use squid as the proxy, and configure p*rn filters in squid.

iptables cannot detect p*rn sites itself, but squid can handle lots of traffic without any difference from the users' point of view.

This article may help with configuration:

formatting link
HTH

Maxime Ducharme Programmer / Network security specialist

Maxime Ducharme

Is there any open-source solution? Like iptables, ipfw and ...?

Thanks

Kind Regards SAber Khamooshi

SAber Khamooshi

hmmmm ok, I think this would be hard to manage

A "free proxy" can be set up on any TCP port; some of them are more standard, but that's all.

I suggest you use iptables as a gateway, and allow only *some* outbound ports to be used (like 21, 80, 110, 443, ...).

This eradicates most "free proxies". If a user sets up his own proxy on port 21 at home, this is a different problem: you need a stateful packet inspection module that would analyze whether traffic on port 21 is really FTP and not HTTP.

The first solution would get rid of most normal users (but not skilled users); it then depends on your organisation's AUP.

HTH

Maxime Ducharme Programmer / Network security specialist

Maxime Ducharme

Hi Maxime, thanks for the references. I am familiar with squid, but my problem is that I don't want to redirect all destination traffic (8080, 8000, 3128, 81 and ...) to my squid statically. I want iptables to listen for all packets and then, if their destination service is HTTP, simply redirect them to squid. Maybe one user sets W.X.Y.Z:1111 as a free proxy server, but when he wants to connect to this proxy server, iptables forwards his traffic to squid.

Kind Regards SAber Khamooshi

SAber Khamooshi

Hi Maxime, I need exactly a "stateful packet inspection". Does iptables support this? Or FreeBSD ipfw?

Thanks

Kind Regards SAber Khamooshi

SAber Khamooshi

Hi again

No, iptables does not support this directly; some work has been done to do this here:

formatting link
I have not tested it yet; it was someone from the netfilter mailing list who pointed me to that link.

I do not know BSD well enough to tell you if it can do this; maybe someone else can answer this?

HTH

Maxime Ducharme Programmer / Network security specialist

Maxime Ducharme
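
The check this thread keeps coming back to (deciding from the payload rather than the destination port whether a connection carries HTTP, and whether the request is in the form sent to a forward proxy), as an added example that is not part of any post above. The function names and the sample flows are constructed for illustration; in practice the first payload would come from a capture or an inspection hook at the gateway.

```python
import re

# Request line: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(rb"^([A-Z]{3,10}) (\S+) HTTP/1\.[01]$")
METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS",
           b"PATCH", b"TRACE", b"CONNECT"}


def classify_first_payload(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP connection.

    "http-proxy": request in the form sent to a forward proxy
                  (absolute-URI target, or the CONNECT method)
    "http":       ordinary origin-form request (GET /path ...)
    "other":      anything else (FTP, POP3, TLS, ...)
    """
    line = payload.split(b"\n", 1)[0].rstrip(b"\r")  # tolerate bare LF
    m = REQUEST_LINE.match(line)
    if not m or m.group(1) not in METHODS:
        return "other"
    method, target = m.groups()
    if method == b"CONNECT" or re.match(rb"(?i)https?://", target):
        return "http-proxy"
    return "http"


def review_flows(flows, http_ports=(80,)):
    """Return (dst_port, verdict) for flows a port-only rule would misjudge."""
    findings = []
    for dst_port, payload in flows:
        verdict = classify_first_payload(payload)
        if verdict == "http-proxy" or (verdict == "http" and dst_port not in http_ports):
            findings.append((dst_port, verdict))
    return findings


# Constructed sample flows: (destination port, first client payload)
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    (21, b"USER anonymous\r\n"),
    (21, b"GET http://blocked.example/ HTTP/1.1\r\nHost: blocked.example\r\n\r\n"),
    (1111, b"CONNECT blocked.example:443 HTTP/1.1\r\n\r\n"),
    (110, b"GET / HTTP/1.0\r\n\r\n"),
    (443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
]

if __name__ == "__main__":
    for port, verdict in review_flows(SAMPLE_FLOWS):
        print(f"dst port {port}: {verdict}")
```

Only the first cleartext payload is inspected, so a proxy reached over TLS is reported as "other" and needs a different control.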
