How to block Freegate usage with Novell Border Manager Access Rules

  • 7001948
  • 20-Nov-2008
  • 26-Apr-2012

Environment

Novell BorderManager 3.9 Support Pack 1

Situation

Users are using Freegate to bypass the proxy Access Rules, which lets them browse sites that the system administrators have blocked.

Resolution

In Border Manager add the following rules to the Access Rules:

1. Go to iManager - Border Manager - Access Rules - Select Server - Click OK - New - Generic TCP
Name: BlockIPs
Under Condition Group Click New
Select Destination: Host IP Addresses
Comparison: IP:Equals
To the Value add the following ips: 65.49.2.221, 63.210.29.10, 216.92.231.150, 219.85.33.55, 220.140.112.39, 125.224.214.37, 125.230.14.170, 122.122.217.203, 125.224.119.3, 122.124.103.168, 219.85.6.165, 122.125.200.154, 118.161.199.156, 122.123.3.155, 125.230.10.156, 218.163.4.182, 66.203.2.74, 61.223.243.171, 61.62.189.41, 122.125.198.55, 65.49.2.96, 122.124.68.9, 65.49.2.91, 65.108.179.118, 220.137.26.76, 218.174.3.199, 218.168.61.198
Click New again
Select Origin Server Port
Value: 443
Action: Deny Access
Click OK.

2. Go to iManager - Border Manager - Access Rules - Select Server - Click OK - New - HTTP
Name: BlockURLs
Under Condition Group Click New
Select URL
Type: Configured
Comparison: URL:Starts with
To the Value add the following urls: http://219.85.6.165/*, http://118.160.42.82/*, http://61.224.2.105/*, http://59.117.176.14/*, http://122.125.198.55/*, http://218.163.4.182/*, http://122.123.100.210/*, http://61.223.243.171/*, http://122.120.65.62/*, http://65.49.2.221/*, http://122.124.103.168/*, http://61.62.189.41/*, http://122.127.97.197/*, http://220.136.222.117/*, http://125.225.42.118/*, http://61.64.149.118/*, http://125.224.141.12/*, http://65.49.2.96/*, http://65.49.2.91/*, http://122.121.223.121/*, http://125.225.43.123/*, http://61.229.108.97/*, http://125.229.4.122/*, http://61.64.206.121/*
Action: Deny Access
Click OK.

3. Go to iManager - Border Manager - Access Rules - Select Server - Click OK - New - HTTP
Name: BlockVideoURLs
Under Condition Group Click New
Select URL
Type: Configured
Comparison: URL:Ends with
To the Value add the following urls: http://*s=4897456, http://*s=4861896, http://*s=4897495
Action: Deny Access
Click OK.
In this step you will see that the URLs you added have a trailing /.
To remove it, click Apply Changes, then click Backup; this saves the config.xml file containing all the configured rules.
Open the saved file, find the listed URLs such as http://*s=4897456/, and remove the / from the end of each.
Save the file.
Go to iManager - Border Manager - Access Rules.
Select the server.
Click Restore link.
Browse to the file you just saved.
Click Restore button.
As a final step, go to iManager - Border Manager - Access Rules
Select the server.
Click OK.
Click Apply Changes.

After you have added the above rules, go back to iManager - Border Manager - Access Rules
Select the server.
Click OK.
And move the above 3 rules to the beginning of the list.
Click Apply Changes button.

Additional Information

The rules have been tested in the following environment:
- Border Manager server has two network interfaces (one public, one private)
- Border Manager server has default filters applied
- clients are behind the server
- clients can access the internet only through the Border Manager server
- clients cannot make DNS lookups

The above solution works with Freegate version 6.77 Professional and its currently available servers, so it is advised to monitor the log files periodically for signs of Freegate usage and to extend the lists accordingly.
After its automatic connections fail, Freegate offers manual entry of a new IP address, which can let users bypass the rules and download an updated database of IP addresses to contact. These new addresses can be added to the access control rules after looking them up in the log files.
This is not a guaranteed way to block Freegate. It is the initial work to make it harder to bypass access control rules, but the HTTP proxy log files should be monitored to track new instances of Freegate activity and block them. It appears that every new update after this initial blocking contains only 4-5 new IP addresses, so they can be quickly added to the access control rules.
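
The periodic log review advised above, as an added example (not part of the original article or of BorderManager): it lists proxy requests whose destination is a bare IP address not yet in the deny rules, which is the form every destination in the lists above takes. The Common Log Format layout, the sample lines and the function names are assumptions; adjust the regular expression to the proxy's actual log format.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed log layout: Common Log Format, request field "METHOD target PROTO".
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')

SAMPLE_LOG = [  # constructed lines; new destinations use documentation ranges
    '10.0.0.21 - - [20/Nov/2008:10:01:02 +0100] "CONNECT 203.0.113.7:443 HTTP/1.0" 200 0',
    '10.0.0.21 - - [20/Nov/2008:10:01:05 +0100] "GET http://198.51.100.9/index HTTP/1.0" 200 512',
    '10.0.0.21 - - [20/Nov/2008:10:01:09 +0100] "CONNECT 203.0.113.7:443 HTTP/1.0" 200 0',
    '10.0.0.34 - - [20/Nov/2008:10:02:00 +0100] "GET http://www.example.com/ HTTP/1.0" 200 900',
    '10.0.0.34 - - [20/Nov/2008:10:02:10 +0100] "CONNECT 65.49.2.221:443 HTTP/1.0" 403 0',
]

def target_host_port(method, target):
    """Return (host, port) of a proxied request target."""
    if method.upper() == "CONNECT":  # CONNECT host:port
        host, _, port = target.rpartition(":")
        return host, int(port) if port.isdigit() else None
    try:
        parts = urlsplit(target)
        port = parts.port
    except ValueError:  # malformed URL or port
        return None, None
    return parts.hostname, port or (443 if parts.scheme == "https" else 80)

def unlisted_ip_destinations(log_lines, blocked_ips):
    """Count requests to bare-IP destinations that no access rule covers yet."""
    blocked = {ipaddress.ip_address(ip) for ip in blocked_ips}
    hits = Counter()
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, method, target = m.groups()
        host, port = target_host_port(method, target)
        try:
            dest = ipaddress.ip_address(host)
        except ValueError:  # a hostname (or unparsable), not an IP literal
            continue
        if dest not in blocked:
            hits[(client, str(dest), port)] += 1
    return hits

if __name__ == "__main__":
    for key, n in unlisted_ip_destinations(SAMPLE_LOG, ["65.49.2.221"]).most_common():
        print(n, *key)
```

Pass the addresses already entered in the BlockIPs and BlockURLs rules as blocked_ips; what remains are candidates to review before extending the rules.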