I want to block the Tor traffic because my clients use it to jump my rules about the blocked site. In my firewall it's a little more difficult to refresh the nodes that I want to block.
Jenny said that he/she can't establish a connection to the TOR net across squid, but I can't see the problem; using CONNECT and port 443 is all the client needs !!! I'm waiting for you guys !!!

On Sun, Dec 4, 2011 at 1:50 AM, Jenny Lee <[email protected]> wrote:
>
> Judging from "dst" acl, ultrasurf traffic and all in this thread, this is
> talking about outgoing traffic to Tor via squid.
>
> Why would anyone want to block Tor traffic to his/her webserver (if this is
> not an ecommerce site)? If it was an ecommerce site, they would know what to
> do already and not ask this question here. Tor exits are made available
> daily and the firewall is the place to drop them.
>
> I still want to hear what OP would say.
>
> Jenny
>
>> From: [email protected]
>> To: [email protected]
>> Date: Sun, 4 Dec 2011 00:39:01 +0100
>> Subject: AW: [squid-users] block TOR
>>
>> The question is which traffic of Tor should be blocked. Outgoing client
>> traffic to the Tor network or incoming httpd requests from Tor exit nodes?
>>
>> Andreas
>>
>> -----Original Message-----
>> From: Jenny Lee [mailto:[email protected]]
>> Sent: Sunday, 4 December 2011 00:09
>> To: [email protected]; [email protected]
>> Cc: [email protected]
>> Subject: RE: [squid-users] block TOR
>>
>>
>> I don't understand how you are managing to have anything to do with Tor to
>> start with.
>>
>> Tor is speaking SOCKS5. You need Polipo to speak HTTP on the client side and
>> SOCKS on the server side.
>>
>> I have actively tried to connect to 2 of our SOCKS5 machines (and Tor) via
>> my Squid and I could not succeed. I have even tried Amos' custom squid with
>> SOCKS support and still failed.
>>
>> Can someone explain to me as to how you are connecting to Tor with squid
>> (and consequently having a need to block it)?
>>
>> Jenny
>>
>> > Date: Sat, 3 Dec 2011 16:37:05 -0500
>> > Subject: Re: [squid-users] block TOR
>> > From: [email protected]
>> > To: [email protected]
>> > CC: [email protected]; [email protected]
>> >
>> > Sorry for reopening an old post, but a few days ago I tried this
>> > solution, and ..... like magic, all traffic to the Tor net is
>> > blocked, just by typing this:
>> > acl tor dst "/etc/squid3/tor"
>> > http_access deny tor
>> > where /etc/squid3/tor is the file that I downloaded from the page you
>> > people recommended to me !!!
>> >
>> > Thanks a lot, this is something that a lot of admins I know are
>> > searching for; you should put it somewhere where it is easy to find !!!
>> > Thanks again !!
>> >
>> > Sorry for my English
>> >
>> > On Fri, Nov 18, 2011 at 4:17 PM, Carlos Manuel Trepeu Pupo
>> > <[email protected]> wrote:
>> > > Thanks a lot, I'm gonna make that script to refresh the list. You've
>> > > been a lot of help.
>> > >
>> > > On Fri, Nov 18, 2011 at 3:39 PM, Leonardo Rodrigues
>> > > <[email protected]> wrote:
>> > >>
>> > >> I don't know if this is valid for TOR ... but at least Ultrasurf,
>> > >> which I have analyzed a bit further, encapsulates traffic over
>> > >> squid always using the CONNECT method and connecting to an IP address.
>> > >> It's basically different from normal HTTPS traffic, which also uses
>> > >> the CONNECT method but almost always (I have found 2-3 exceptions in
>> > >> some years) connects to a FQDN.
>> > >>
>> > >> So, at least with Ultrasurf, I could handle it over squid simply
>> > >> blocking CONNECT connections which try to connect to an IP
>> > >> address instead of a FQDN.
>> > >>
>> > >> Of course, Ultrasurf (and I suppose TOR) tries to encapsulate
>> > >> traffic to the browser-configured proxy as a last resort. If it finds
>> > >> a NAT-opened network, it will always try to go direct instead of
>> > >> through the proxy. So, it's mandatory that you do NOT have a
>> > >> NAT-opened network, especially on ports
>> > >> TCP/80 and TCP/443. If you have those ports opened with your NAT
>> > >> rules, then I really think you'll never get rid of those services,
>> > >> like TOR and Ultrasurf.
>> > >>
>> > >> On 18/11/11 14:03, Carlos Manuel Trepeu Pupo wrote:
>> > >>>
>> > >>> So, like I see, we (the admin) have no way to block it !!
>> > >>>
>> > >>> On Thu, Sep 29, 2011 at 3:30 PM, Jenny Lee<[email protected]> wrote:
>> > >>>>
>> > >>>>> Date: Thu, 29 Sep 2011 11:24:55 -0400
>> > >>>>> From: [email protected]
>> > >>>>> To: [email protected]
>> > >>>>> Subject: [squid-users] block TOR
>> > >>>>>
>> > >>>>> Is there any way to block TOR with my Squid?
>> > >>>>
>> > >>>> How do you get it working with tor in the first place?
>> > >>>>
>> > >>>> I really tried for one of our users. Even used Amos's custom
>> > >>>> squid with SOCKS option but no go.
>> > >>>>
>> > >>>> Jenny
>> > >>
>> > >> --
>> > >>
>> > >> Atenciosamente / Sincerely,
>> > >> Leonardo Rodrigues
>> > >> Solutti Tecnologia
>> > >> http://www.solutti.com.br
>> > >>
>> > >> Minha armadilha de SPAM, NÃO mandem email [email protected]
>> > >> My SPAMTRAP, do not email it
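
Added example, not part of the thread or of Squid itself: a sketch of the list-refresh script mentioned above, which validates a downloaded node list before swapping it into the file read by `acl tor dst "/etc/squid3/tor"`. Assumptions: the list has already been downloaded (the thread does not name the source) with one IPv4 address per line; the script name, the `MIN_NODES` floor and the `squid3` binary name are hypothetical or distribution-dependent.

```shell
#!/bin/sh
# Added example (not from the thread): rebuild the file behind
#   acl tor dst "/etc/squid3/tor"
# from a freshly downloaded node list without ever installing a bad one.

# Print the unique, well-formed IPv4 addresses found in file $1.
filter_ipv4() {
    tr -d '\r' < "$1" | awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) ok = 0
        if (ok) print
    }' | sort -u
}

# update_list SRC DEST [MIN]
# Returns 0 = DEST replaced, 1 = unchanged, 2 = rejected (fewer than MIN).
update_list() {
    src=$1 dest=$2 min=${3:-1}
    tmp=$(mktemp "${dest}.XXXXXX") || return 2
    filter_ipv4 "$src" > "$tmp"
    count=$(($(wc -l < "$tmp")))
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"; return 2
    fi
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp"     # mktemp creates the file 0600
    mv "$tmp" "$dest"    # same-directory rename: squid never reads a partial file
}

# Usage: refresh-tor-acl.sh DOWNLOADED_LIST
# Fetching the list is left to the caller; MIN_NODES is an assumed sanity floor.
if [ "$#" -eq 1 ]; then
    rc=0
    update_list "$1" /etc/squid3/tor "${MIN_NODES:-100}" || rc=$?
    case $rc in
        0) squid3 -k reconfigure ;;    # assumes the squid3 binary name
        1) ;;                          # unchanged: no reload needed
        *) echo "node list rejected, old ACL kept" >&2; exit 1 ;;
    esac
fi
```

A truncated or error-page download fails the `MIN_NODES` check, so the previous ACL file stays in place instead of being replaced by an empty list that would silently stop blocking.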
