IE7 Proxy evasion.
We use a proxy server here for filtering as I'm sure the majority of you do.
We use IE7 as the default browser for staff and students, but in the last few days I have discovered pupils gaining access to sites that should be banned by the proxy, for example manga comics on ImageShack-style hosting sites, Bebo and some Flash games.
Having watched some of them do this, it seems that they use the "no addons" shortcut to start IE, which I include for when some sites we use cause IE to crash with an exception error. Running it with addons disabled fixes it. I know it's a workaround and it's on my list to figure out, but there have been other priorities lately.
What the pupils seem to do is start IE with no addons, type a link, get blocked, then close IE, open it, paste the link in, and it will sometimes, after 4-5 repeats, load the page. If they try to browse on from that page it will again give them the blocked page, but they can copy the link and keep re-opening the browser till it lets them.
Is this a bug in IE perhaps? I'm just not sure how this could be.
Our proxy is set by group policy: 1 proxy with permissive filtering for staff and 1 with very restrictive filtering for pupils. Obviously any filtering bypass is a big problem for us. I'm really not sure how to test for how this is going wrong though.
What do you see in the proxy logs?
Have you blocked direct access on port 80 for the majority of PCs? If not, you really should, or you'll get bitten by portable Firefox on USB and all sorts of other fun.
To force all users through the proxy, on the firewall we only allowed port 80 & 443 on the proxy server; did the job for us.
I have 80 redirected by IP chains into the proxy.
I think the traffic that's missing the proxy is going straight through the default gateway. I don't have outgoing traffic firewalled. Maybe it's time to. I'd like to know why it's seemingly random that it gets past the proxy though, because the proxy is obviously enforced.
Firefox on USB isn't a problem because we have a software restriction policy in place to prevent execution from USB drives or Home directories.
You should definitely firewall outgoing traffic.
I have our list of "things that get blocked" down to about 17 pages/day. It's surprising what sneakily tries to connect out, and with a lot of machines, the bandwidth wasted is enormous.
As Tom said, it's worthwhile blocking 80.
We block port 80 and use 8080 instead. I get the main switch to report any port 80 activity on all VLANs to see who/what is trying to sneak outside the allowed route.
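The monitoring idea that closes the thread (reporting web traffic that leaves the network without going through the proxy) can be sketched as follows. This is an added example, not part of the thread and not any poster's code. The flow record format, the LAN range `10.0.0.0/16`, the proxy address `10.0.0.5` and the function name are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the thread):
# "time src_ip dst_ip dst_port". 10.0.0.0/16 is the assumed school LAN,
# 10.0.0.5 the assumed proxy listening on 8080.
SAMPLE_FLOWS = """\
09:01:12 10.0.3.21 10.0.0.5 8080
09:01:13 10.0.0.5 203.0.113.10 80
09:01:40 10.0.3.21 203.0.113.10 80
09:01:55 10.0.3.21 203.0.113.10 80
09:02:03 10.0.4.7 198.51.100.44 443
09:02:10 10.0.4.8 10.0.0.9 80
malformed line
"""

def find_proxy_bypass(flow_text, lan="10.0.0.0/16", proxies=("10.0.0.5",),
                      web_ports=(80, 443)):
    """Return {client_ip: {(dst_ip, port): count}} for direct web egress."""
    lan_net = ipaddress.ip_network(lan)
    proxy_set = {ipaddress.ip_address(p) for p in proxies}
    hits = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that are not flow records
        try:
            src = ipaddress.ip_address(fields[1])
            dst = ipaddress.ip_address(fields[2])
            port = int(fields[3])
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if port not in web_ports:
            continue  # traffic to the proxy port (8080) is the allowed route
        if src not in lan_net or src in proxy_set:
            continue  # only LAN clients other than the proxy are of interest
        if dst in lan_net:
            continue  # internal web servers are not a filtering bypass
        hits[str(src)][(str(dst), port)] += 1
    return {client: dict(dsts) for client, dsts in hits.items()}

if __name__ == "__main__":
    for client, dsts in sorted(find_proxy_bypass(SAMPLE_FLOWS).items()):
        for (dst, port), count in sorted(dsts.items()):
            print(f"{client} -> {dst}:{port} direct, {count} connection(s)")
```

Once outbound 80/443 is blocked at the firewall for everything except the proxy, the same report lists the clients whose attempts are being dropped.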