You can block torrents with suricata. Works 100%. Install the package and activate all p2p rules.
For web proxies you can use squid+(squidguard with http://www.urlblacklist.com/ ) and force everyone to use your proxy. On Thu, Mar 26, 2015 at 11:44 PM, Sean <[email protected]> wrote: > Torrent traffic: maybe with a good L7 filter (not tried this myself). > But HTTPS proxies and SSL VPN's.... forget about it. > It's a game of whack-a-mole. As soon as you squash one, three more will > pop-up. > You can't block SSL. You'd need to get a real web filtering solution and > by that I mean a service that constantly updates with new content and > category definitions. > Barracuda, Iron Port, Websense, to name a few companies. It's still a > game of whack-a-mole but you're paying them to do it. It still won't get > them all but it will get you hopefully into the 99% range. > > There would likely still be outliers, SSH tunnels and people clever enough > to setup tunnels on non-standard ports and protocols that wouldn't be > monitored. > > I'd be happy to be wrong and welcome a correction from someone who knows > more about it on this list (there are plenty of them). > > On Tue, Mar 24, 2015 at 5:12 AM, Rizwan Saeed <[email protected]> > wrote: > >> Hi Guys, >> >> >> >> I am managing a 1000+ university network. pfsense is working fine. The >> only problem I have is that the students bypass all the security with web >> vpn’s and free https proxies. So I would like to know that if there is an >> effective way to block https web proxies, web based VPN and encrypted >> torrent traffic? >> >> >> >> Regards, >> >> Riz >> >> _______________________________________________ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> > > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- Ivo R. Tonev +55 61 8409-2642 [email protected]
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
