How to block websites when accessed from Tor Browser

Description

In this article we describe how to block Tor or any traffic generated from Tor apps such as Tor Browser. Content filter policies do not apply to HTTP/HTTPS sites accessed from Tor Browser, although they work as expected for other browsers such as IE, Chrome, or Firefox. The reason is that Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms".

CAUTION: Enabling DPI-SSL should be performed in a test environment or applied to a controlled set of devices to monitor behavior and access before applying to an entire organization.


Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.



Using the App Control Advanced feature, we can effectively block any traffic generated from Tor Browser.

To block Tor applications using the App Control Advanced feature, follow the steps below:

  1. Log in to the SonicWall Management GUI.
  2. Navigate to Policy | Security service | Advanced Application Control.
  3. Check the box Enable App Control and click on the Accept button to apply changes.
  4. Under Signatures, select PROXY-ACCESS under Category.
  5. Select Tor under Application and then click on the Configure button.
  6. A pop-up window appears, select Enable under the Block and Log fields.
  7. Click OK to save.

Now under App Control Advanced, select PROXY-ACCESS under Category.

  • Select Encrypted Key Exchange under Application and click on the Configure button.
  • A pop-up window appears, select Enable under the Block and Log fields.
  • Click on OK to save.
  • After enabling Block for the Encrypted Key Exchange application under the PROXY-ACCESS category, the application is shown with Block enabled.


Enable Application Control on Zones

  1. Navigate to Object | Match Objects | Zones.
  2. Click on the configure button under the zone where you want to enable App Control.
  3. Check Enable App Control Service.

Enable DPI-SSL Client Inspection

1. Navigate to Policy > DPI-SSL > SSL Client deployment.

2. Under General, click on Enable SSL Client Inspection and check Intrusion Prevention.

How to Test

From a host behind the SonicWall, log in to a website that is being blocked by SonicWall Content Filter using either HTTP or HTTPS. You will get an "Unable to find the proxy server" page or the connection has been reset error.


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.



Using the App Control Advanced feature, we can effectively block any traffic generated from Tor Browser.

To block Tor applications using the App Control Advanced feature, follow the steps below:

  1. Log in to the SonicWall Management GUI.
  2. Navigate to Manage | Rules | Advanced Application Control.
  3. Check the box Enable App Control and click on the Accept button to apply changes.
  4. Under App Control Advanced, select PROXY-ACCESS under Category.
  5. Select Tor under Application and then click on the Configure button.
  6. A pop-up window appears, select Enable under the Block and Log fields.
  7. Click OK to save.
  8. Now under App Control Advanced, select PROXY-ACCESS under Category.
  9. Select Encrypted Key Exchange under Application and click on the Configure button.
  10. A pop-up window appears, select Enable under the Block and Log fields.
  11. Click on OK to save.
  12. After enabling Block for the Encrypted Key Exchange application under the PROXY-ACCESS category, the application is shown with Block enabled.

Enable Application Control on Zones

  1. Navigate to Manage | Network | Zones.
  2. Click on the configure button under the zone where you want to enable App Control.
  3. Check Enable App Control Service.

Enable DPI-SSL Client Inspection

1. Navigate to Manage > Deep Packet Inspection > SSL Client deployment.

2. Under General, click on Enable SSL Client Inspection and check Intrusion Prevention.

How to Test

From a host behind the SonicWall, log in to a website that is being blocked by SonicWall Content Filter using either HTTP or HTTPS. You will get an "Unable to find the proxy server" page.


Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.






Using the App Control Advanced feature, we can effectively block any traffic generated from Tor Browser.

To block Tor applications using the App Control Advanced feature, follow the steps below:

  1. Log in to the SonicWall Management GUI.
  2. Navigate to Firewall | App Control Advanced. (In Gen5 TZ devices this page is under Security Services | App Control.)
  3. Check the box Enable App Control and click on the Accept button to apply changes.
  4. Under App Control Advanced, select PROXY-ACCESS under Category.
  5. Select Tor under Application and then click on the Configure button.
  6. A pop-up window appears, select Enable under the Block and Log fields.
  7. Click OK to save.
  8. After enabling Block for the Tor application under the PROXY-ACCESS category, the application is shown with Block enabled.
  9. Now under App Control Advanced, select PROXY-ACCESS under Category.
  10. Select Encrypted Key Exchange under Application and click on the Configure button.
  11. A pop-up window appears, select Enable under the Block and Log fields.
  12. Click on OK to save.
  13. After enabling Block for the Encrypted Key Exchange application under the PROXY-ACCESS category, the application is shown with Block enabled.

Enable Application Control on Zones

  1. Navigate to Network | Zones.
  2. Click on the configure button under the zone where you want to enable App Control.
  3. Check Enable App Control Service.

Enable DPI-SSL Client Inspection


How to Test

From a host behind the SonicWall, log in to a website that is being blocked by SonicWall Content Filter using either HTTP or HTTPS. You will get an "Unable to find the proxy server" page.
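
Because each resolution above sets both Block and Log on the Tor and Encrypted Key Exchange signatures, the resulting log entries can be tallied per internal host while App Control and DPI-SSL are applied to a controlled set of devices. The script below is an added example, not SonicWall code: it assumes logs exported as key=value syslog lines whose msg field names the category and application and uses "Prevention" for blocked events, and the sample lines are constructed.

```python
import re
from collections import Counter

# Applications set to Block and Log in the steps above.
WATCHED_APPS = ("Tor", "Encrypted Key Exchange")
CATEGORY = "PROXY-ACCESS"
# key=value or key="quoted value" pairs (assumed export format).
PAIR_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample lines; field names and values are illustrative only.
SAMPLE_LOG = '''\
id=firewall time="2024-01-10 09:14:02" msg="Application Control Prevention Alert: PROXY-ACCESS Tor -- Handshake" src=192.168.10.21:51514:X0 dst=203.0.113.7:9001:X1
id=firewall time="2024-01-10 09:14:09" msg="Application Control Prevention Alert: PROXY-ACCESS Encrypted Key Exchange -- Random Encryption" src=192.168.10.21:51520:X0 dst=198.51.100.44:443:X1
id=firewall time="2024-01-10 09:15:30" msg="Application Control Prevention Alert: PROXY-ACCESS Encrypted Key Exchange -- Random Encryption" src=192.168.10.35:60211:X0 dst=198.51.100.90:443:X1
id=firewall time="2024-01-10 09:16:11" msg="Application Control Prevention Alert: P2P BitTorrent -- Handshake" src=192.168.10.35:60300:X0 dst=203.0.113.99:6881:X1
id=firewall time="2024-01-10 09:17:45" msg="Application Control Detection Alert: PROXY-ACCESS Tor -- Handshake" src=192.168.10.40:50100:X0 dst=203.0.113.7:9001:X1
'''

def parse_line(line):
    """Return the key/value fields of one log line as a dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in PAIR_RE.finditer(line)}

def watched_app(msg):
    """Return the watched application named in msg, or None."""
    for app in WATCHED_APPS:
        # Require the category prefix and a word boundary so that
        # "BitTorrent" in another category is not counted as Tor.
        if re.search(rf'\b{re.escape(CATEGORY)} {re.escape(app)}\b', msg):
            return app
    return None

def blocked_by_host(log_text):
    """Count blocked events per (source IP, application)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        msg = fields.get("msg", "")
        if "Prevention" not in msg:  # assumed: "Detection" means logged only
            continue
        app = watched_app(msg)
        if app:
            src_ip = fields.get("src", "unknown").split(":")[0]
            counts[(src_ip, app)] += 1
    return counts

if __name__ == "__main__":
    for (host, app), n in sorted(blocked_by_host(SAMPLE_LOG).items()):
        print(f"{host:15} {app:25} blocked={n}")
```

Hosts that appear only under Encrypted Key Exchange are worth checking before wider rollout, since that signature is not specific to Tor.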

