I see that trustedsource.org currently categorizes their main web site as "Anonymizers" with a risk score of 22. I'm expect they've rated all of their proxies similarly, which we block by category so that we don't need to maintain a black list for this.
Thank you for the reply, John. The issue isn't that users have access to the UltraSurf website, it's that the UltraSurf application (which requires no actual installation) completely bypasses the MWG proxy by creating and connecting to a proxy of its own, thus allowing for unrestricted access to the Internet. I can block the website without issue but I cannot block their proxy connections.
Ultrasurf can be blocked by web gateway without SSL scanning, but the web gateway cannot do it alone. Ultrasurf cannot be blocked by web gateway if the client is allowed to access the Internet directly on any port. It’s as simple as that. You cannot reasonably expect a web gateway to block or filter traffic that it doesn’t “see". Web Gateway needs to be used in combination with Network or host based firewall rules or MCP. Like a host based firewall, MCP has the ability to block access to non-standard ports by process.