Could we block https proxy avoidance?

simport · ‎03-07-2007

Hi all, If we use an https anonymous proxy (like https://proxify.com) we can navigate everywhere without being concerned by the fortiguard filters. It doesn' t log our connection to the proxy website because it is with https. Does anyone know a way of blocking this bypass (without listing ALL the proxy avoidance websites in a block list or disabling https websites) ??? Thanks Simport --FG200a OS 3.0 b0475--

Simport Fortigate-200A 3.00-b0564

rwpatterson · ‎03-07-2007

If you are using FortiGuard web filtering, adjust the protecion profile for the policy to block web proxy avoidance. Firewall -> Protection Profile -> profile name. Edit this Protection Profile. Cruise down to ' FortiGuard Web Filtering' , open it up. Under ' Rate URLs by domain and IP address' , under the category ' Potentially Liable' , find ' Proxy Avoidance' and select block. Make sure you select HTTPS under ' Enable FortiGuard Web Filtering' , and you should be good. This will block all KNOWN proxy servers. Anyone using one from a private (Verizon, AOL, etc.) IP address may bypass this, which is why I also block unrated sites. I' m in health care, so this is allowed, without higher approval.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

simport · ‎03-07-2007

Thank you, it works. Simport

Simport Fortigate-200A 3.00-b0564

Could we block https proxy avoidance?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website