Proxy bypass sites regex

**webman** · 14th July 2008, 04:19 PM

Hi everyone

Recently noticed a lot of attempts by students on the old web-based proxy scripts. Worked out a couple of regexes to match a some common URL formats. They work fine on our IPCop + URLFilter box. Exmaples:

Code:

\.(cgi|pl)/([01]+)([A-Z]{1})/)

Example: http://judahjohnson.com/index.pl/010...2s696q672s6r6s

Code:

(index|browse|index2)\.php\?(q|u)=

Example: http://whackyourlecturer.com/browse....lvdXR1YmUuY29t

Full list Updated 22/07/2008

Code:

\?(q|u)=(.*)&hl=([A-Za-z0-9]{3,})
\.php/(.*)/b([0-9]{2,})/
\.php\?rob=(.*)&hl=([A-Za-z0-9]{3})
\.(cgi|pl)/([01]+)([A-Z]{1})/)
\.php/([01A-Z]+)/([A-Za-z0-9]+)
\.php/(.*)/0/go.php$
(index|browse|index2)\.php\?(q|u)=

**tom_newton** · 14th July 2008, 05:27 PM

you might find that those rules overblock slightly - certainly for CGI proxy you can be a bit less aggressive in your blocking and still be effective.

**bossman** · 14th July 2008, 05:50 PM

Would rather overblock than underblock we can always add to white list any site that needs unfiltering. It works and damn well the little bu**ers can't bypass the proxy now. Our ISP have still not managed to sort it out yet!!!

BTW Tom how would you have done it?

**Sylv3r** · 14th July 2008, 09:13 PM

Originally Posted by bossman

Our ISP have still not managed to sort it out yet!!!

Give them time

**webman** · 14th July 2008, 09:19 PM

Originally Posted by Sylv3r

Give them time

How long should we give them... decades or millennia?

**Sylv3r** · 14th July 2008, 09:47 PM

Originally Posted by webman

How long should we give them... decades or millennia?

We wanted some ports open last week, when we rang up today to chase them the person had closed the job ticket.

Ports are still not open, but unfortunately now he is now on his holidays so we have to wait for him coming back before the job will get done! It could only happen to us that the "Port Opener" is unavailable as he is on his sun lounger in Spain!

So something as "difficult" as web filtering.....

**webman** · 14th July 2008, 10:15 PM

Originally Posted by Sylv3r

We wanted some ports open last week, when we rang up today to chase them the person had closed the job ticket.

Ports are still not open, but unfortunately now he is now on his holidays so we have to wait for him coming back before the job will get done! It could only happen to us that the "Port Opener" is unavailable as he is on his sun lounger in Spain!

So something as "difficult" as web filtering.....

Same thing happened to us! A little over 2 weeks by the time it was finally open. Surely somebody else there can open a port? It's not rocket science. Even better would be to give us basic access to the boxes but that seems to be asking too much

Good luck with your ports

**tom_newton** · 15th July 2008, 08:49 AM

bossman: I would have just asked for "more" 0101 etc. - it is pretty much always the same length, i'd definitely look for 3 consecutive [01]
PHProxy is hard to do via URL only - we do much more in-page on that one. I remember one specific occasion finding a rule accidentally blocked nhs.net which was targetted at phproxy.

I suppose overblocking is far more of a concern for me - if we overblock, it happens to hundreds of thousands of users

and I can't guarantee whats in the whitelist!

LinkBack

Thread Tools

Search Thread

Proxy bypass sites regex

Similar Threads

proxy bypass sites

Proxy Bypass Websites

Thread Information

Users Browsing this Thread

Tags for this Thread

Posting Permissions