Best Practices

Test your DNS Proxy using PowerShell

mark_user

Most company’s have a policy to block dangerous websites for employees. Pornography, hate, gambling, social media are all categories that should be blocked. Either, they are big time wasters, or may be required by law to be blocked.

Although you may have your proxy turned on correctly, that does not mean the bill got paid. Usually, a proxy will default to open for all users. You may be asked by outside 3rd party auditor’s or a senior manager to provide proof that the DNS proxy is actually working and blocking non-approved content.

This PowerShell script will run as the current logged on user and send an email with the results. You will need to provide a list of websites in text document with one URL per line. I have included one below, as an example.

# test-web-proxy.ps1
# Set location of the URL text file
$URLListFile = "C:\users\user1\Desktop\websitelist.txt"
$URLList = Get-Content $URLListFile -ErrorAction SilentlyContinue
$Result = @()
$LocalProxy = "Web Proxy: WebSense"
$date = Get-Date -Format "yyyy-MM-dd"
$user = $env:USERNAME

# Loop through each URL and gather needed info
foreach ($Uri in $URLList) {
    try {
        # Setting TLS version for compatibility
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls
        $request = Invoke-WebRequest -Uri $Uri -UseDefaultCredentials
        $time = (Measure-Command { $request }).TotalMilliseconds
    }
    catch {
        $request = $_.Exception.Response
        $time = -1
    }

    # Create Results
    $Result += [PSCustomObject] @{
        Time = Get-Date
        Uri = $Uri
        StatusCode = [int]$request.StatusCode
        StatusDescription = $request.StatusDescription
        TimeTakenMilliseconds = $time
    }
}
# Create Report
if ($null -ne $Result) {
    $Outputreport = @"
    <HTML>
    <TITLE>Web Access Audit</TITLE>
    <BODY style="background-color:peachpuff;">
    <font color ="#0000ff" face="Microsoft Tai le">
    <H2>Web Access DNS Policy Audit</H2></font>
    <ul>
    <li><font color = black><B>Date: $date</B></li>
    <li><font color = black><B>$LocalProxy</B></li>
    <li><font color = black><B>Access Policy: General user.  Access to the identified sites is restricted.</B></li>
	<li><font color = black><B>Account Tested: <font color="red">$user</font></B></li>
    </ul>
    <ul>
    <li><font color = green><B>Green = Blocked!</B></li>
    <li><font color = red><B>Red = NOT Blocked!</B></li>
    <li><font color = gray><B>Gray = Header or NOT Found!</B></li>
    </ul>
    <Table border=1 cellpadding=0 cellspacing=0>
    <TR bgcolor="#787878" align=center><TD><B>URL</B></TD><TD><B>StatusCode</B></TD><TD><B>StatusDescription</B></TD></TR>
"@
    foreach ($Entry in $Result) {
        $bgColor = switch ($Entry.StatusCode) {
            200 { "#F68B8B" }
            403 { "#93F072" }
            default { "#787878" }
        }
        $Outputreport += "<TR bgcolor='$bgColor'><TD>$($Entry.Uri)</TD><TD align=center>$($Entry.StatusCode)</TD><TD align=center>$($Entry.StatusDescription)</TD></TR>"
    }
    $Outputreport += "</Table>"
    $Outputreport += "</BODY>"
    $Outputreport += "</HTML>"
}

# send email with results
$smtpServer = "exchange.company.com"
$smtpFrom = "hostname@company.com"
$smtpTo = "user@comapny.com"
$subject = "Web-Access-Audit - $date"
$body = $Outputreport

Send-MailMessage -SmtpServer $smtpServer -From $smtpFrom -To $smtpTo -Subject $subject -Body $body -BodyAsHtml

Save this file as a ‘websitelist.txt’ file.

*Chat & Instant Messaging*
https://messenger.yahoo.com/
https://www.aim.com/
https://web.whatsapp.com
*Web-Based Email*
https://gmail.com/
https://hotmail.com/
https://mail.yahoo.com/
*Gambling*
https://onlinegambling.com/
https://www.draftkings.com/
https://www.fanduel.com/
*Photo Search & Images*
https://www.shutterfly.com/
https://photoshack.com/
https://www.smugmug.com/
*Peer File Transfer (P2P)*
https://utorrent.com/
https://www.vuze.com/
*Online Storage and Backup*
https://carbonite.com/
https://drive.google.com/
https://www.dropbox.com/login
*Filter Avoidance (Proxy Avoidance)*
https://torproject.org/
https://xroxy.com/
https://ultrasurf.us/
*Personal VPN*
https://surfshark.com/
https://www.hotspotshield.com/
https://expressvpn.com
*Social Networking*
https://www.facebook.com/
https://tiktok.com/
https://www.instagram.com/
*Illegal Activities*
http://www.ekran.no
http://pyrobin.com
*Illegal Downloads*
http://www.keygenninja.com
http://www.rootscrack.com
*On-Line Document Sharing*
https://pastebin.com 
https://docs.google.com
*DNS over HTTPS* 
https://cloudflare-dns.com
https://dns.google.com
*File Transfer Services*
https://filetransfer.io
https://www.sharefile.com
http://www.wetransfer.com

Related Posts

Best Practices

Regulatory Compliance Frameworks

mark_user
Best Practices

Basic Steps to Safeguard Your Digital Secrets

mark_user