This is the point I've been (unsuccessfully) trying to make from the start.
Let me explain with a simple example, and you can tell me where I'm going wrong.

Say Bob has a server that runs a proxy service, and he's getting real tired of people wasting his bandwidth on "inappropriate" websites. So he installs DansGuardian (or something similar) to deny access to those sites. How well can exclusion lists do in these types of cases?

Note that Bob is not a member of the CoDeeN network, so you can't filter his proxy by IP address, or by doing a reverse DNS lookup and checking the hostname for "planetlab" or ".edu".

Anyone who utilizes proxies for "testing" purposes knows that even after removal of the CoDeeN variety, there are a number of these other "nasties" (what I've been calling them) that tend to muck up the works.

And that also goes to the point I was trying to make when I referenced the "cracking" tools - the logic of looking in the response headers for certain keywords that indicate that web filtering software is installed.

Since it's probably been 4-5 years since I last used Charon, I went back and reviewed the tutorial, and I saw something interesting that I had forgotten about. Namely, the option of using an internal proxy judge. Do you know of any proxy judges written in Java?