How to block HTTP-TUNNEL software with Novell BorderManager 3.8

  • 3337713
  • 03-Oct-2006
  • 26-Apr-2012

Environment


Novell BorderManager 3.8
Novell BorderManager 3.8 Support Pack 4 Interim Release 5 (BM38SP4_IR5)

Situation

Access control rules are enabled at the BorderManager server to block access to undesired content.
Using tunneling software running on internal workstations, such as http-tunnel, httport, socks2http, etc., users are able to bypass the BorderManager access control rules.

Resolution

This TID is specific to blocking the http-tunnel program. Depending on the type of program, a LAN trace should be taken to learn the software's behavior and then block it.

The http-tunnel program has two modes of operation:

a. If you do not check the box to use CONNECT, it uses a simple POST to contact an external server, so blocking that server will stop it from working.
Add a deny rule of type URL, with destinations:
http://207.226.175.49/*
http://207.226.175.181/*
http://207.226.175.65/*
http://207.226.175.133/*
http://207.226.175.149/*
http://207.226.175.165/*
http://207.226.175.197/*
http://207.226.175.48/*
http://207.226.175.64/*
http://207.226.175.132/*
http://207.226.175.148/*
http://207.226.175.164/*
http://207.226.175.180/*
http://207.226.175.196/*

A trace revealed that it has to contact these servers to bypass the proxy. I've blocked them and the program no longer works.

b. If you check the box to use "CONNECT", then you have to enable the tunneling control feature in proxy.cfg:

[Tunneling]
EnableTunnelingControl=1
EnableTunnelingControlLog=1

This will stop the program, as it tries to connect to port 1178 using a CONNECT method, which will be blocked.
After applying these settings, all CONNECT requests will be blocked except those to port 443, the default SSL port. If you have any software that connects using SSL through BorderManager on another port, you should also add the following entry to proxy.cfg:

[HttpTunnelingAllowed]
port1=xxxx
port2=xxxx

Where xxxx is the destination port of your application.

So to fully stop this program, http-tunnel, you need both solutions: the tunneling settings in proxy.cfg and the rule to block these IP addresses.
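As an added example (not Novell's code, and not how BorderManager itself evaluates requests), the following Python script models the combined effect of the two controls above on sample proxy requests, so an administrator can check what a given proxy.cfg and deny rule would let through. The host names and the port values under [HttpTunnelingAllowed] are assumed, and the deny list is shortened to two of the TID's entries.

```python
"""Audit model of the two BorderManager controls in this TID: a URL deny rule for
http-tunnel's relay servers, and proxy.cfg tunneling control, which limits CONNECT
to port 443 plus the ports listed under [HttpTunnelingAllowed]."""
import configparser
from fnmatch import fnmatchcase

# Constructed sample of the proxy.cfg sections from the TID (port values are hypothetical).
PROXY_CFG = """
[Tunneling]
EnableTunnelingControl=1
EnableTunnelingControlLog=1

[HttpTunnelingAllowed]
port1=8443
port2=993
"""

# Two of the URL deny rule entries from the TID, in the same wildcard form.
DENY_URLS = ["http://207.226.175.49/*", "http://207.226.175.181/*"]


def allowed_connect_ports(cfg_text):
    """Return the set of CONNECT ports permitted, or None if tunneling control is off."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    if cfg.getint("Tunneling", "EnableTunnelingControl", fallback=0) != 1:
        return None  # control disabled: any CONNECT port passes the proxy
    ports = {443}  # the default SSL port is always permitted
    if cfg.has_section("HttpTunnelingAllowed"):
        for key, value in cfg.items("HttpTunnelingAllowed"):
            if key.startswith("port") and value.isdigit():
                ports.add(int(value))
    return ports


def evaluate(method, target, cfg_text=PROXY_CFG, deny_urls=DENY_URLS):
    """Decide 'allow' or 'deny' for one proxy request under both controls.
    CONNECT targets are host:port; other methods carry an absolute URL."""
    if method.upper() == "CONNECT":
        port = int(target.rsplit(":", 1)[1])
        ports = allowed_connect_ports(cfg_text)
        if ports is not None and port not in ports:
            return "deny"  # e.g. http-tunnel's CONNECT to port 1178
        return "allow"
    if any(fnmatchcase(target, pattern) for pattern in deny_urls):
        return "deny"  # POST mode contacting a blocked relay server
    return "allow"


if __name__ == "__main__":
    for req in [("CONNECT", "relay.example:1178"), ("CONNECT", "bank.example:443"),
                ("POST", "http://207.226.175.49/cgi/tunnel"), ("GET", "http://www.novell.com/")]:
        print(req, evaluate(*req))
```

Running the script with EnableTunnelingControl set to 0 shows the CONNECT to port 1178 being allowed, which is why the TID requires both controls together.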

Additional Information