  1. #1

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    14

    .pac files and horrible web proxy sites.

    Hi Guys,
    I am having some trouble with a few students who receive daily updates on new proxies to use.
    There is one in particular, a scripted randomly generated page on a new IP/host every day that is causing the most difficulty for us at the moment. Although our LA's provider has been relatively good at blocking these sites, they don't for whatever reason block the https equivalents.
    My thoughts are to drop all https traffic unless the addresses are in a list.
    I haven't yet figured out the best way of doing this, we use Smoothwall and I haven't yet figured out the best way with this, however I am messing about with the idea of altering our pac file.

    Our pac file is already relatively complicated (I have removed the school-specific hostnames/IPs):
    Code:
    function FindProxyForURL(url, host) 
    { 
    	if (
    		shExpMatch(url, "*.ebay.com*") ||
    		shExpMatch(url, "*.ebay.co.uk*") ||
    		shExpMatch(url, "*.facebook.com*") ||
    		shExpMatch(url, "*.bebo.com*") ||
    		shExpMatch(url, "*.myspace.com*") ||
    		shExpMatch(url, "*.logmein.com*") ||
    		shExpMatch(url, "*remote.blah.police.uk*") ||
    		shExpMatch(url, "*crl.adobe.com*") ||
    		shExpMatch(url, "*www.myschool.com*") ||
    		shExpMatch(url, "*pbwiki.com*") ||
    		shExpMatch(url, "*blahgov.pbworks.com*")
    	) 
    	return "PROXY E2BNPROXY:8080; PROXY LA1:8080; PROXY LA2:8080";
    	if (
    		!isInNet(myIpAddress(), "10.112.0.0", "255.255.0.0") || 
    		isInNet(host, "10.112.0.0", "255.255.0.0") || 		
    		dnsDomainIs(host, ".blah.local") ||			
    		isPlainHostName(host) ||				
    		shExpMatch(url, "*portal.myschool.com*") ||
    		shExpMatch(url, "*mail.myschool.com*") ||
    		shExpMatch(url, "*autodiscover.myschool.com*") ||
    		shExpMatch(url, "*dev.myschool.com*") ||
    		shExpMatch(url, "*helix.myschool.com*") ||
    		shExpMatch(url, "*www2.myschool.com*") ||
    		shExpMatch(url, "*cover.myschool.com*")
    	)
    	return "DIRECT";
    	
    	if (shExpMatch(url, "http:*")) return "PROXY 10.112.225.19:8080; PROXY E2BNPROXY:8080; PROXY LA1:8080;";
    	if (
    		shExpMatch(url, "*.firstdirect.com*") || 
    		shExpMatch(url, "*.hotmail.co*") ||
    		shExpMatch(url, "*.lloydstsb.co*") ||  /* etc etc add another line for every url not handled by 'http' or in first section of pac file */
    		shExpMatch(url, "*.barclays.co*") ||
    		shExpMatch(url, "*.msn.co*")
    	)
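    	return "PROXY LOCAL:8080; PROXY E2BNPROXY:8080; PROXY LA1:8080;";
    	/* No return past this point: a URL matching no rule above leaves the function returning undefined. */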
    }
    This pac file is one that myself and my techs use, along with the PCSOs here.
    The social networking sites are blocked by authority proxy, some of the other sites just work better avoiding our local proxy. This pac file shares a layout (although some of the sites differ (social networking/ebay/police etc)) with the pac file used by teachers and is used by desktops and laptops, the laptops do go home with the teachers and are able to use their home internet connection while still using this pac file. There are some other sites in there too that just go direct because obviously they are local.
    Any advice would be greatly appreciated!
    Last edited by itwasntme; 10th March 2010 at 09:29 AM.
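
The "drop all https unless the address is in a list" idea from the post above, as an added example that is not code from the thread: it matches the host on a label boundary instead of wildcard-matching the whole URL, and sends everything else to a dead proxy. The allowlisted domains other than firstdirect.com, the `BLACKHOLE` address and the `hostInDomain` helper are assumptions; the DIRECT and authority-proxy rules of the original file are left out and would stay ahead of this logic.

```javascript
// Added example (not from the thread): default-deny HTTPS in a PAC file.
// Allowlist entries and the BLACKHOLE address are constructed placeholders.
var HTTPS_ALLOW = ["firstdirect.com", "bank.example", "mail.example.org"];
var HTTPS_PROXY = "PROXY LOCAL:8080; PROXY E2BNPROXY:8080; PROXY LA1:8080";
var HTTP_PROXY = "PROXY 10.112.225.19:8080; PROXY E2BNPROXY:8080; PROXY LA1:8080";
// Nothing listens here, so the connection fails; with no DIRECT fallback
// in the string the browser has nowhere else to send the request.
var BLACKHOLE = "PROXY 127.0.0.1:9";

// True when host is the domain itself or a subdomain of it. Comparing on a
// label boundary means "notfirstdirect.com" does not match "firstdirect.com".
function hostInDomain(host, domain) {
  host = host.toLowerCase();
  if (host.charAt(host.length - 1) === ".") host = host.slice(0, -1); // trailing dot
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  // Plain HTTP keeps going through the filtering proxies, as in the original file.
  if (url.substring(0, 5).toLowerCase() === "http:") return HTTP_PROXY;
  if (url.substring(0, 6).toLowerCase() === "https:") {
    for (var i = 0; i < HTTPS_ALLOW.length; i++) {
      if (hostInDomain(host, HTTPS_ALLOW[i])) return HTTPS_PROXY;
    }
    return BLACKHOLE; // HTTPS host not on the list
  }
  return BLACKHOLE; // any other scheme (ftp:, ...) is refused too
}
```

A PAC file is only a client-side routing hint, so this limits browsers that honour it; blocking at the filter or firewall is what enforces the policy.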

  2. #2


    Join Date
    Sep 2009
    Location
    Yorkshire
    Posts
    206
    Thank Post
    64
    Thanked 69 Times in 45 Posts
    Rep Power
    23
    Which SmoothWall are we talking about here?

    There are a couple of ways to skin this particular cat.

  3. #3

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Quote Originally Posted by nile_c View Post
    Which SmoothWall are we talking about here?

    There are a couple of ways to skin this particular cat.
    Thanks nile_C;

    NetworkGuardian 2008 it would seem?

  4. #4


    Join Date
    Sep 2009
    Location
    Yorkshire
    Posts
    206
    Thank Post
    64
    Thanked 69 Times in 45 Posts
    Rep Power
    23
    Ok, I probably wouldn't use your pac for this. It can all be done at the Smoothie.

    If you want to block all HTTPS:
    On the guardian > policy page you can create a new filter. When you click on the 'Filter:' dropdown there is a special category called All HTTPS Content. The Block action can then be used to block HTTPS.
    You can use either your existing allowed content rules, or create an additional filter to allow those HTTPS sites which you need.

    The second option is to use your SmoothWall's built-in functionality for filtering HTTPS content.
    Under 'guardian > filtering > per-group settings' you have the following options available:

    * Block invalid SSL certificates: This blocks the invalid certificates that many HTTPS based proxies will use.
    * Intercept HTTPS: This decrypts the connection to HTTPS sites, allowing the guardian engine to "see" the content, just as it would with plain HTTP.
    This is useful against the newest proxies that use valid certificates and cycle through domains rapidly.

    There is a little bit of extra configuration involved with HTTPS interception; your clients each need to recognize the Smoothwall as a valid CA, by importing its CA cert.

  5. Thanks to nile_c from:

    itwasntme (10th March 2010)

  6. #5

    Join Date
    Apr 2008
    Posts
    64
    Thank Post
    10
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    Thanks Nile, will take a look at this in the slow hours!


