Тhank you very much Sob !I don't think you can. You can block some with L7 like this:But it's far from perfect.
/ip firewall layer7-protocol add name=proxy regexp="^(CONNECT\\ .*|GET\\ https\?:\\/\\/.*)\\ HTTP\\/1\\."
Indeed it is far from perfect. Probably it'll successfully block proxy requests, but will most probably block usual http requests as well (it probably won't interfere with direct https connections though). It's quite usual to see fullI don't think you can. ....
But it's far from perfect.
GET http://www.somedomain.com/path/to/document.html HTTP/1.x
Yes, i know - about https web proxies i mean !I will look for more information in the internet. For now, I will collect the names and addresses of most well-known ones!I don't follow what happens in public proxy world, but what I got from Google was all without https, just http. But if you have different sources with https, then it's bad for you, because you can't see what's inside https connection, it's the whole point of https. And collecting address, good luck. Maybe if there already is some source of proxy addresses, you could use that. But doing it yourself will be never ending story.
Behind a ccr I have a very sensitive network with about 150 clients.It really depends on what exactly you need it for and how persistent users you have. Maybe if you block the most obvious servers, they will give up. The major thing against you is that all they need is just one working server.
I added the last post with the missed info !Blocking access to proxies doesn't sound like something that would help much. Unless you have some very strict filtering of all outgoing traffic, any worm will just use either custom ports, or if you block those, then regular https. And you pretty much have to allow that, if those 150 clients should be able to use internet in the most basic sense, which today means access to http(s).