Tuesday, August 9, 2011

How to block UltraSurf in squid -Resolved


How to block UltraSurk in squid -Resolved
Ultrasoft is one among the proxy bypass software which cannot be blocked since the IP address of the server changed frequently and also it encrypts the traffic through the secured pipe.
I think the only way to block it in the squid is to block IP based browsing in the squid proxy
TO achieve this you should add the below lines in the squid.conf file

vi /etc/squid/squid.conf

add the below lines in the top of all access lists

acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
http_access deny ipacl
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
http_access deny  numeric_IPs


after this Ultrasurf will not be able to connect to their server since it initiate IP based request for that
Posted by at

13 comments:

  1. Amarjit SinghNovember 23, 2011 at 3:14 AM

    http://www.amarjit.info/2011/11/how-to-block-ultrasurf-on-squid.html

    ReplyDelete
  2. AnonymousMarch 22, 2012 at 1:36 AM

    i want to block ultasurf surfing but i can't block ip base surfing ... what should i do ..?

    ReplyDelete
    Replies
    1. UnknownMarch 22, 2012 at 7:39 AM

      I hope you have read my above document which clearly mentioned the way how it can be blocked in squid

      Delete
  3. AnonymousMarch 29, 2012 at 8:11 PM

    thank for posting it works on me... but messenger app wont work.. any suggestion??

    ReplyDelete
  4. AnonymousMay 4, 2012 at 2:15 AM

    Install the service written by me to block it. https://sites.google.com/site/tonersmartchip/Anti-UltraSurf.zip?attredirects=0&d=1. This software run on service and it will kill ultrasurf if found every 5 sec.

    ReplyDelete
  5. AnonymousJuly 10, 2012 at 10:15 PM

    but by this way all the IP based browsing will be prevented..! as you are creating an ipacl object to deny http:\\ and then numeric IP's, this will prevent accessing any site through its IP.... is there a remedy for that?

    ReplyDelete
  6. vinit.tyagiAugust 20, 2012 at 11:46 PM

    Thanks Buddy This is working


    Vinit Tyagi

    ReplyDelete
  7. AnonymousDecember 24, 2012 at 12:37 AM

    This is a good post. This is really effective in blocking TOR and Ultrasurf. The problem is that this is also blocking skype and yahoo messenger. Do you have a remedy on this? Thanks a lot..

    ReplyDelete
  8. AnonymousFebruary 5, 2013 at 6:30 AM

    Hi I was testing and i found a solution!! just add this code they are the Ips for MSN auth .. cheers ! comments my email secretdos@hotmail.com

    acl msn dst 64.4.0.0/18
    acl msn dst 65.52.0.0/14

    acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
    http_access deny !msn ipacl
    acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
    http_access deny !msn numeric_IPs

    ReplyDelete
  9. CharlosJune 27, 2013 at 4:42 PM

    Good script but, I have internat IPs to use in some applications, so, if I use this script also block my internal APPS

    ReplyDelete
  10. UnknownJune 27, 2013 at 9:40 PM

    Hi Charlos,

    Thank You for your comments :)
    I am not sure why you are using IP based application access inside your company (not seems a professional approach).
    Since it is an internal application, please map the same with the DNS name .Or else ,ask your users to use Exception settings in their browser which will bypass Proxy (you can use GPO for setting it automatically).
    If your company is still having specific requirement to have IP based access, write an ACL above the one mentioned, will specifically for your local LAN range ...Obviously with an "Allow" rule

    Gud Luck :)

    ReplyDelete

Subscribe to: Post Comments (Atom)