Tuesday, August 9, 2011

How to block UltraSurf in squid -Resolved


How to block UltraSurk in squid -Resolved
Ultrasoft is one among the proxy bypass software which cannot be blocked since the IP address of the server changed frequently and also it encrypts the traffic through the secured pipe.
I think the only way to block it in the squid is to block IP based browsing in the squid proxy
TO achieve this you should add the below lines in the squid.conf file

vi /etc/squid/squid.conf

add the below lines in the top of all access lists

acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
http_access deny ipacl
acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
http_access deny  numeric_IPs


after this Ultrasurf will not be able to connect to their server since it initiate IP based request for that

13 comments:

  1. http://www.amarjit.info/2011/11/how-to-block-ultrasurf-on-squid.html

    ReplyDelete
  2. i want to block ultasurf surfing but i can't block ip base surfing ... what should i do ..?

    ReplyDelete
    Replies
    1. I hope you have read my above document which clearly mentioned the way how it can be blocked in squid

      Delete
  3. thank for posting it works on me... but messenger app wont work.. any suggestion??

    ReplyDelete
  4. Install the service written by me to block it. https://sites.google.com/site/tonersmartchip/Anti-UltraSurf.zip?attredirects=0&d=1. This software run on service and it will kill ultrasurf if found every 5 sec.

    ReplyDelete
  5. but by this way all the IP based browsing will be prevented..! as you are creating an ipacl object to deny http:\\ and then numeric IP's, this will prevent accessing any site through its IP.... is there a remedy for that?

    ReplyDelete
  6. Thanks Buddy This is working


    Vinit Tyagi

    ReplyDelete
  7. This is a good post. This is really effective in blocking TOR and Ultrasurf. The problem is that this is also blocking skype and yahoo messenger. Do you have a remedy on this? Thanks a lot..

    ReplyDelete
    Replies
    1. I have the same trouble

      Delete
  8. Hi I was testing and i found a solution!! just add this code they are the Ips for MSN auth .. cheers ! comments my email secretdos@hotmail.com

    acl msn dst 64.4.0.0/18
    acl msn dst 65.52.0.0/14

    acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
    http_access deny !msn ipacl
    acl numeric_IPs url_regex ^[0-9]+.[0-9]+.[0-9]+.[0-9]+
    http_access deny !msn numeric_IPs

    ReplyDelete
  9. Good script but, I have internat IPs to use in some applications, so, if I use this script also block my internal APPS

    ReplyDelete
  10. Hi Charlos,

    Thank You for your comments :)
    I am not sure why you are using IP based application access inside your company (not seems a professional approach).
    Since it is an internal application, please map the same with the DNS name .Or else ,ask your users to use Exception settings in their browser which will bypass Proxy (you can use GPO for setting it automatically).
    If your company is still having specific requirement to have IP based access, write an ACL above the one mentioned, will specifically for your local LAN range ...Obviously with an "Allow" rule

    Gud Luck :)

    ReplyDelete