web filter not blocking anonymous surfing sites


adm1329
09-14-2007, 08:14 AM
One of the major reasons I've wanted to replace my SonicWall is the poor job its content filter does. What's the point of having a content filter if any anonymous proxy can be accessed and take you right around it?

I finally put an Untangle box in at the smallest of my schools, approximately 120 PCs. I started checking the filter and everything seemed fine, until I decided to see if I could hit myspace or youtube through ztunnel.com. After I realized it was open (I'm assuming xtunnel, ytunnel, etc. are as well) I tried accessing anonymizer.com and even it is wide open. I do have Anonymous Surfing set to block and log, which I figured would block anonymous proxy servers. I currently have a huge list of proxy servers in the block list of my SonicWall, but finally gave up on trying to block them since the kids find them faster than I can add them. I have seen several solutions that do block anonymous proxy servers; should Untangle block them as well?

gotkimchi
09-14-2007, 11:17 AM
We are adding proxy sites daily to the list. If you would like to share your findings, please email them to support@untangle.com

I am running 5.0.2 and it blocked anonymizer.com.

dmorris
09-14-2007, 12:47 PM
Remember it also takes a few minutes while the site list is downloaded locally after turning on a category.

adm1329
09-17-2007, 07:31 AM
After an entire weekend of running it was still not blocking anonymizer.com, until I added it to the URL list. Also, is there a way to block several sites ending the same way? In my SonicWall I could add tunnel.com to my blocked domains and it would block anything ending with tunnel.com, like ztunnel.com, atunnel.com, and wtunnel.com. I know this is a good way to block legit sites, but it also makes it much easier to block large lists of sites.

I'm running 5.0.2-1

mdh
09-17-2007, 08:28 AM
Did you dump your browser cache? If it's set to never update, you could keep seeing an old page indefinitely. I have access to two Untangle servers here, and both block anonymizer.com as expected.

I think you answered your own question about what is effectively wildcard domain blocking...good sites get blocked along with the bad BUT it does have merit. Being able to block with wildcards then adding legitimate sites into a pass list would take care of a lot of problems for many. In a company environment, chances are pretty good that someone who couldn't get to carpaltunnel.com would put in a Help Desk request that could get the block modified.
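The suffix block plus pass list discussed in the two posts above, as an added example that is not part of the original thread and is not Untangle's or SonicWall's code. The rule lists, the function names and the `example.org` host are assumptions; the other hostnames are the ones named in the thread.

```python
# Added example: suffix ("wildcard") domain blocking with a pass-list override.
# Rules and sample hosts are constructed for illustration.

BLOCK_SUFFIXES = ["tunnel.com"]      # assumed rule: block any host ending in this string
PASS_LIST = ["carpaltunnel.com"]     # assumed exception added after a help desk request


def normalize(host):
    """Lower-case the host, drop a :port and a trailing root dot."""
    host = host.strip().lower()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def on_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def decide(host, block_suffixes=BLOCK_SUFFIXES, pass_list=PASS_LIST):
    """Return (verdict, matching_rule). The pass list is checked first."""
    host = normalize(host)
    for allowed in pass_list:
        if on_domain(host, allowed):
            return ("pass", allowed)
    for suffix in block_suffixes:
        # Plain string suffix, as in the thread: ztunnel.com matches "tunnel.com".
        if host.endswith(suffix):
            return ("block", suffix)
    return ("allow", None)


def audit(hosts, **rules):
    """Map each host to its verdict so over-blocking is easy to review."""
    return {h: decide(h, **rules)[0] for h in hosts}


if __name__ == "__main__":
    sample = ["ztunnel.com", "atunnel.com", "www.wtunnel.com",
              "carpaltunnel.com", "www.CarpalTunnel.com.", "example.org"]
    for host, verdict in audit(sample).items():
        print(f"{host:24} {verdict}")
```

Running `audit` with an empty pass list over a sample of hosts users actually visit shows which legitimate sites a new suffix rule would catch before it goes live.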

sunflower
09-17-2007, 06:55 PM
It's very easy to get away from the filter by using the anonymous proxy servers out there. I just tested with the proxy lists from www.proxy4free.com or http://theproxyfree.com/, and I can get around through the public proxy servers. I did use tcpdump to monitor the traffic. It used the proxy with the specified port (for example 3128).

If the proxy blocking is not updated, users can get away from the web filtering just by changing their proxy server setting in the browser and can get to the blocked sites (www.myspace.com or www.playboy.com).

Maybe Untangle needs to write a script to go to all public proxy sites and get the IPs & ports, then add them to the database list.