Friday, March 15, 2013

Block Ultrasurf in RedHat Linux Squid

Subject:
Block "Ultrasurf" in RedHat Linux Squid. Successfully tested on "2.6.STABLE6-4.el5" version.

Hello All,

Before changing anything in the Squid configuration, it helps to understand what Ultrasurf is and why it is popular.

Ultrasurf is a product of Ultrareach Internet Corporation. Originally created to help internet users in China find security and freedom online, Ultrasurf has now become one of the world's most popular anti-censorship, pro-privacy software, with millions of people using it to bypass internet censorship and protect their online privacy.

Visit https://ultrasurf.us/ for more information.

Moving straight to the practical part, add the lines below to the "/etc/squid/squid.conf" file.


#####Create New ACL#####
# Destination port 9666
acl UltraSurf port 9666
# URLs whose host is a dotted-decimal IP address
acl ipacl url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
# Requests whose URL starts with a dotted-decimal IP address (dots escaped so they match a literal ".")
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

#####Deny all ACL#####
http_access deny UltraSurf
http_access deny ipacl
http_access deny numeric_IPs
# The next line is the default line, shown for reference only: add all the lines above before it.
http_access deny all

Note: The above configuration is useful if Ultrasurf is already installed on LAN computers. However, anyone can still download Ultrasurf from the internet, so it is better to also block the Ultrasurf name and domain using the ACLs below.

##################################
acl blockregexurl url_regex -i ultrasurf
acl block-site dstdomain .ultrasurf.us

http_access deny blockregexurl
http_access deny block-site
##################################

Note: Squid will now block all internet requests that have an IP address in the URL. So you need to add another ACL to allow certain IP addresses that are in use in your LAN segment for hosting or R&D purposes, if any.


##################################
acl bypass_ultrasurf_ip dstdomain 172.24.23.1 192.168.1.2 59.167.154.20

# Put this line above the "deny ultrasurf" lines only.
http_access allow bypass_ultrasurf_ip

##################################
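
To check which requests these rules catch before reloading Squid, the sketch below replays the ACLs in the order given above against constructed sample requests. It is an added example, not part of the original post and not Squid code. It assumes first-match-wins evaluation, that url_regex sees "host:port" for CONNECT requests, that dstdomain compares IP entries as literal host strings, and that Python's regex engine behaves like Squid's for these simple patterns. It also compares numeric_IPs with escaped dots against the same pattern with bare dots.

```python
import re
from urllib.parse import urlsplit

ALLOW_HOSTS = {"172.24.23.1", "192.168.1.2", "59.167.154.20"}  # bypass_ultrasurf_ip
IPACL = re.compile(r"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*")
NUMERIC_IPS = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")     # escaped dots
NUMERIC_IPS_BARE = re.compile(r"^[0-9]+.[0-9]+.[0-9]+.[0-9]+")   # bare dots match any character
BLOCKREGEXURL = re.compile(r"ultrasurf", re.I)                   # url_regex -i


def split_target(method, url):
    """Return (host, port). Assumption: a CONNECT target is 'host:port'."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return host.lower(), int(port)
    parts = urlsplit(url)
    return parts.hostname, parts.port or 80


def decide(method, url, numeric_re=NUMERIC_IPS):
    """Walk the http_access lines in the post's order; first match wins."""
    host, port = split_target(method, url)
    rules = [
        ("allow", "bypass_ultrasurf_ip", host in ALLOW_HOSTS),
        ("deny", "UltraSurf", port == 9666),
        ("deny", "ipacl", bool(IPACL.search(url))),
        ("deny", "numeric_IPs", bool(numeric_re.search(url))),
        ("deny", "blockregexurl", bool(BLOCKREGEXURL.search(url))),
        ("deny", "block-site", host == "ultrasurf.us" or host.endswith(".ultrasurf.us")),
    ]
    for action, name, hit in rules:
        if hit:
            return action, name
    return "continue", "existing rules"  # falls through to the site's other http_access lines


if __name__ == "__main__":
    samples = [  # constructed requests
        ("GET", "http://203.0.113.7/index.html"),
        ("CONNECT", "203.0.113.7:443"),
        ("GET", "http://192.168.1.2/wiki"),
        ("GET", "http://example.com/ULTRASURF.zip"),
        ("CONNECT", "1a2b3c4.example.com:443"),
    ]
    for method, url in samples:
        print(method, url, decide(method, url), decide(method, url, NUMERIC_IPS_BARE))
```

The last sample shows why the dots matter: with bare dots, a CONNECT to a hostname that merely begins with digits is denied as if it were an IP address.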

SUM UP:
This configuration has been tested to block Ultrasurf and all its alternatives, as given below.

* Tor
* GTunnel
* FreeGate
* Tunnelier


Thanks,
Nishith N.Vyas








2 comments:

  1. Hi Nishith, thanks for the information. Is it still working today? Does it work on a transparent Squid?

    1. Yes. It will work with RHEL 5 and 6. Never tested on RHEL 7 Squid.
