Page 1 of 1

Unable to get URL Guarding to work

Posted: 01 Jul 2019 19:23
by dhqa2019
Hello,

I am currently using version CG-OS-EH-1.3.7 in order to evaluate it for possible use as a security appliance. It is currently unregistered as I am only running 1 user behind it.

I have not subscribed to any Cacheguard URL lists so I am attempting to block a few URLS from a custom made list based on specifications from your user guide.

Cacheguard is currently configured in transparent mode, with mode guard ON, and one IP range filter created. The application appears to download the list but its not clear if it processes any of the URLS.

Do I need to have the application registered or to define more than one filter for the URL guarding to work? Please advise.

Thanks,
Dan

Re: Unable to get URL Guarding to work

Posted: 01 Jul 2019 21:18
by david
Hello,

You don't need to register your appliance for the URL guarding to work. To simplify, you have the possibility to don't use filter but only the default policy. Can you please give us your domain and url lists and the ouput of the following commands?

Code: Select all

urllist
guard filter
guard policy
guard rule
Best Regards,

Re: Unable to get URL Guarding to work

Posted: 02 Jul 2019 14:00
by dhqa2019
David,

Sorry for the late reply. I setup the configuration again and was able to block one or two sites but it is not consistent so maybe I am creating the lists incorrectly.

Here is the output of the commands you requested:

Code: Select all

admin@cacheguard> urllist

urllist                     Advert
                            Chat
                            Dating
                            Drugs
                            Porn
                            Redirector
                            SpyWare
                            Violence
                            test

admin@cacheguard> guard filter

guard filter ip             testUsers range 192.168.10.2-192.168.10.6
guard filter time           <null>
guard filter ldap           <null>

admin@cacheguard> guard policy

guard policy                testPolicy:            ip testUsers

admin@cacheguard> guard rule

guard rule                  default deny:                test

As far as the three files go, can you provide a sample of how you would block something like facebook? I currently have something like this

domains.gz
facebook.com

urls.gz
https://www.facebook.com

expressions.gz
(null)

Thank you,
Dan

Re: Unable to get URL Guarding to work

Posted: 02 Jul 2019 19:30
by david
Hi,

URLs specified in urls.gz should not contain the protocol part. Actually the the name "urls" is not really appropriate. For instance www.facebook.com/directory is correct while https://www.facebook.com/directory is not.

Domain names specified in domains.gz should contain domain base names. For instance facebook.com is correct while www.facebook.com is not.

Also, in your case as you specified the full domain base name facebook.com in the domains.gz file, you do not need to specify the sub domain name www.facebook.com/ in the urls.gz file.

To simplify you can use the following content:

domains.gz
facebook.com

urls.gz
(null)

expressions.gz
(null)

Regarding your filters/policies/rules what is actually missing is a rule associated to the policy testPolicy. You only specified a defulat rule for IPs other than the range 192.168.10.2-192.168.10.6. You can either delete the testPolicy in order to match the default rule or create a rule associated to the testPolicy using the following commands:

Code: Select all

guard rule add testPolicy deny test
apply
Please don't forget to reload the content of the test urrlist as specified above before testing again.

Best Regards,

Re: Unable to get URL Guarding to work

Posted: 02 Jul 2019 19:35
by david
Hello,

One more thing: as www.facebook.com use HTTPS and not HTTP, the redirection to the guarding message page can't work and your Web browser will get an error. This is normal and is is due to the nature of HTTPS that can't be redirected to a third page. Maybe you better test the URL guarding with a domain that use HTTP (such as http://example.com/).

Kind Regards,