How to Block PHP Proxy Sites Using APP Rules

This article provides an example and instructions for using the App Rules feature of SonicOS Enhanced to block PHProxy sites such as www.myspaceproxysite.cn. These sites are often used to circumvent Content Filtering.

Follow these steps to create the application object representing the PHProxy site you wish to block:

1. Select Firewall | Match Object
2. Click Add New Match Object and enter the following:
   • Object Name: PHProxy
   • Application Object Type: HTTP URI Content
   • Match Type: Partial Match
   • Input Representation: Alphanumeric
   • Content List:
     • /index.php?q=http
     • /index.php?q=www
     • /index.php?q=jjj
     • /index.php?q=aHR0c
     • /index.php?q=d3d3
     • /index.php?q=uggc
     • /index.php?q=am9l
     • /index.php?q=eW91
3. Click OK to complete creation of the new match object.

Follow these steps to create the App Rule policy blocking the PHProxy site:

1. Select Firewall | App Rules
2. Click Add New Policy and enter the following:
   • Policy Name: Block PHProxy
   • Policy Type: HTTP Client
   • Source: ANY, ANY
   • Destination: ANY, HTTP
   • Exclusion Address: None
   • Application Object: PHProxy
   • Action: Reset/Drop
   • Users Included: ALL
   • Excluded: NONE
   • Schedule: Always
   • Enable Logging
   • Connection: Client Side
   • Direction:Outgoing
3. Click OK to complete creation of the new policy.

N.B. If you have subscribed to the Premium Content Filtering Service (CFS), you may create a specific policy blocking www.myspaceproxysite.cn, which is rated under Category 28 (Hacking and Proxy Avoidance Systems). In this case, use of the App Rules feature would not be necessary for this particular site, but would continue to be effective for other similar proxies.

For more information on how to configure the Content Filtering: Using custom Content Filter policies to block Internet access to a specific group (CFS + ULA + local groups)

---