Blocking public proxy servers


sunflower
09-20-2007, 10:31 AM
Web filter can block/filter when traffic is going through the Untangle server, but if a user already has a list of proxy servers, he/she can change the setting in the browser and bypass the Untangle web filtering. When requests go through the proxy servers, nothing is being filtered and he/she can access blocked sites (www.myspace.com or www.playboy.com, etc.).

Restricting the firewall rules to block all outbound traffic and only open certain ports can eliminate some, but many public proxy servers use port 80, which is the standard web port, and it cannot be blocked on the firewall.

Some other content filtering software forwards port 80 to a local proxy server (such as Squid, squidGuard or DansGuardian, etc.) and filters its traffic requests. Wondering if we can do the same with Untangle. I don't see any options to set this.

If anyone has any ideas or suggestions, please let me know. Thanks.

dmorris
09-20-2007, 11:58 AM
Turning the "Anonymous Surfing" category to block should block HTTP access to these sites.

sunflower
09-20-2007, 01:06 PM
I have Anonymous Surfing turned on to block and log, but I can easily bypass the filter by changing the proxy setting in the browser to the IP address of a proxy server out there that I know (or you can get with google.com cached).

I put in the IP address 67.52.216.216 port 80, which is one of the proxy servers out there.

I checked that it's someone else's gateway IP by going to www.getip.com.

Now I can get to www.myspace.com or any blocked sites.
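
An added example (not part of the original thread, and not Untangle's code): a minimal check a transparent HTTP filter can apply so that a request sent to an explicit proxy on port 80 is judged by the site it names rather than by the proxy's IP address. It relies on the HTTP/1.1 request-target forms; the function names, the blocklist and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed blocklist; www.myspace.com is the blocked site named in the thread.
BLOCKED_HOSTS = {"www.myspace.com"}

def effective_host(raw_request: bytes):
    """Return (host, via_proxy) for one HTTP/1.x request head.

    via_proxy is True for an absolute-form target or a CONNECT request,
    the two shapes a browser sends when an explicit proxy is configured.
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts

    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    if method.upper() == "CONNECT":
        # authority-form: "host:port" names the tunnel endpoint
        return urlsplit("//" + target).hostname or "", True
    if "://" in target:
        # absolute-form: the URL in the request line is the real destination,
        # whatever IP address the TCP connection was opened to
        return urlsplit(target).hostname or "", True
    # origin-form: only the Host header names the destination
    return urlsplit("//" + headers.get("host", "")).hostname or "", False

def verdict(raw_request: bytes) -> str:
    """Block listed hosts in any form; flag other proxy-style requests."""
    host, via_proxy = effective_host(raw_request)
    if host in BLOCKED_HOSTS:
        return "block"
    return "flag-proxy" if via_proxy else "allow"

# Constructed sample requests (not captured traffic).
DIRECT = b"GET / HTTP/1.1\r\nHost: www.myspace.com\r\n\r\n"
VIA_PROXY = b"GET http://www.myspace.com/ HTTP/1.1\r\nHost: www.myspace.com\r\n\r\n"
TUNNEL = b"CONNECT mail.example.org:443 HTTP/1.1\r\nHost: mail.example.org:443\r\n\r\n"
OTHER = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"

if __name__ == "__main__":
    for req in (DIRECT, VIA_PROXY, TUNNEL, OTHER):
        print(req.split(b"\r\n", 1)[0].decode(), "->", verdict(req))
```

Requests flagged as `flag-proxy` are the ones worth logging: an unlisted destination reached through a proxy the network does not operate.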

sunflower
09-21-2007, 02:05 PM
Since I can get through the web filtering on the public proxy server port 80, Untangle doesn't really scan the traffic of the web port (80/HTTP).

What It Does

Transparently scans HTTP traffic in order to log or block specific activity

sunflower
09-24-2007, 02:27 PM
Hello Untangle developers,

Any plan to attack this? I can get away from the web filter. In fact, that proxy server is really fast too :)

I'm using the proxy server to write this notice with Anonymous Surfing turned on.

dogcheese
10-03-2007, 05:32 PM
I don't know what your Directory Services infrastructure is, but if you are running a Windows domain you could set Group Policy to disallow users access to the proxy portion of their connection properties. The only issue I could see some having with this is that it forces you to mandate IE as your browser for uniformity and compliance.

sunflower
10-03-2007, 06:19 PM
dogcheese, thanks for your input.

You can use AD Group Policy to disable the registry to not allow modification of the connection settings, but like you said, it's limited to IE only as the browser. Also, not all companies use AD and home users don't even have AD. I don't. I'm not a Windows shop b/c I'm cheap. Only open source is good :)

At home, teenagers can find a workaround quickly from friends.

inyoka
10-10-2007, 12:24 AM
I have the same problem. I'm moving clients from accessing the Proxy at my ISP directly (192.168.168.2:8087), to going through Untangle which then redirects them to the same proxy. Anyone who remembers the old settings can simply bypass Untangle.

:( I also have Anonymous Surfing blocked. Also my clients are all Linux except for one or two laptops. Is there no way to only allow Untangle to forward them to the proxy? I am going to set up a proxy between myself and the ISP's proxy eventually, which should solve this problem; I just need a fix until then.

Silver Bullet
10-10-2007, 07:01 AM
If you have the firewall module installed then you could set up rules to only allow outbound traffic that you want going out. Or, if you want to just block any traffic destined for port 8087 then that should take care of the proxy at your ISP. Also, in protocol control you can enable SOCKS and Tor to prevent some of the others out there.

inyoka
10-17-2007, 03:30 AM
Okay, so if I block traffic to 8087, how do I get the Untangle server to use 8087? I tried to block traffic to 8087 and then redirect all outgoing requests to 8087, but then I couldn't access the internet. I get confused as to whether the server can make outgoing requests on ports I have blocked.

I want to know what I am doing so I don't mess up everyone's internet while they are working. Sorry about the delay in replying; I am traveling through Singapore at the moment, won't get back to work till the 24th.

Silver Bullet
10-17-2007, 07:17 AM
inyoka, I just read your post again and have to apologize. I overlooked that you are still going to be using the ISP proxy.

Unfortunately, Untangle will not forward proxy requests to an upstream proxy. It only filters traffic transparently. You could put together your own proxy server that will forward your requests to your ISP's proxy server. Then just let Untangle filter the traffic between your users and your proxy server.

I haven't had enough coffee yet so let me know if that doesn't make sense.

inyoka
10-28-2007, 10:00 PM
That makes sense, just wish I didn't have to do it. Sorry reply took so long, I checked up on the post but didn't see the link for a second page. Doh! Guess I need more coffee as well.

Thanks for your help.