
HTTP,HTTPS tunnel tool


My company uses MGW 7.0 for URL filtering. But when some users use an HTTP tunnel tool (e.g. fgate.exe, ultrasurf.exe, ...), they can access websites which are blocked by policy.

Please tell me a solution for blocking the tunnel tools.


0 Kudos
2 Replies
McAfee Employee

Re: HTTP,HTTPS tunnel tool


Generally, a tunnel through a proxy is indicated as a CONNECT request, see 9.9 on

A rule in MWG for tunnels over port 80, which are VERY uncommon, can look like:

If Command.Name equals CONNECT(

     If URL.Port equals 80




For ultrasurf and others, I suggest to use SSL Scanner. SSL Scanner will

  • block access to unwanted ssl ports
  • detect that a handshake can't be fulfilled
  • will block the traffic

If you don't use SSL Scanner, URL Filtering is a solution. I just traced ultrasurf and found that it does CONNECT to IP rather than names.

In an explicit-proxy-only deployment you could simply disallow CONNECTs to IPs. In a transparent deployment ALL CONNECTs will be to IPs, so be careful there!!

If Command.Name equals CONNECT(

     If URL.Port equals 443


     If URL matches regex(^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+




Sample rule is attached.

Important: You might need to whitelist several servers when blocking CONNECTs to IPs.



Message was edited by: Michael Schneider on 19/08/2010 09:57:32 CEST
0 Kudos
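The two rule conditions from the reply above, as an added Python example for checking offline which CONNECT request lines they would catch; it is not MWG rule syntax and not part of the original post. The function names, the allowlist entry and the sample request lines are constructed assumptions, the IP check also covers IPv6 literals (the regex in the reply only matches dotted IPv4), and skipping the IP rule in a transparent deployment is an assumption based on the caution in the reply.

```python
import ipaddress

# Constructed allowlist: IP-only servers that must stay reachable (assumption).
ALLOWED_IP_TARGETS = {"192.0.2.10"}

def parse_connect(request_line):
    """Return (host, port) for 'CONNECT host:port HTTP/1.x', else None."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit():
        return None
    return host.strip("[]").lower(), int(port)

def is_ip_literal(host):
    """True for IPv4/IPv6 literals, False for DNS names."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def evaluate(request_line, explicit_proxy=True):
    """Apply the two rules from the reply and return a verdict string."""
    target = parse_connect(request_line)
    if target is None:
        return "allow: not a CONNECT"
    host, port = target
    if port == 80:
        return "block: CONNECT to port 80"
    if port == 443 and is_ip_literal(host):
        if not explicit_proxy:
            # Transparent mode: every CONNECT targets an IP, so the rule is skipped.
            return "allow: transparent deployment"
        if host in ALLOWED_IP_TARGETS:
            return "allow: allowlisted IP"
        return "block: CONNECT to IP"
    return "allow"

# Constructed request lines using documentation address ranges.
SAMPLES = [
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT 203.0.113.7:443 HTTP/1.1",
    "CONNECT 192.0.2.10:443 HTTP/1.1",
    "CONNECT www.example.com:80 HTTP/1.1",
    "GET http://www.example.com/ HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{evaluate(line):32} {line}")
```

Running the same function over CONNECT lines taken from existing proxy access logs shows which IP-only servers would need to be whitelisted before the rule is enabled.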
Level 12

Re: HTTP,HTTPS tunnel tool

Hi all, I cannot block Ultrasurf, Skype, BitTorrent with this rule. I'm using transparent bridge mode. Any ideas? Thanks!

0 Kudos