Unable to get URL Guarding to work

Discuss and get help to configure the URL filtering
Post Reply
dhqa2019
Posts: 2
Joined: 26 Jun 2019 20:45

Unable to get URL Guarding to work

Post by dhqa2019 »

Hello,

I am currently using version CG-OS-EH-1.3.7 in order to evaluate it for possible use as a security appliance. It is currently unregistered as I am only running 1 user behind it.

I have not subscribed to any Cacheguard URL lists so I am attempting to block a few URLS from a custom made list based on specifications from your user guide.

Cacheguard is currently configured in transparent mode, with mode guard ON, and one IP range filter created. The application appears to download the list but its not clear if it processes any of the URLS.

Do I need to have the application registered or to define more than one filter for the URL guarding to work? Please advise.

Thanks,
Dan
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Unable to get URL Guarding to work

Post by david »

Hello,

You don't need to register your appliance for the URL guarding to work. To simplify, you have the possibility to don't use filter but only the default policy. Can you please give us your domain and url lists and the ouput of the following commands?

Code: Select all

urllist
guard filter
guard policy
guard rule
Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
dhqa2019
Posts: 2
Joined: 26 Jun 2019 20:45

Re: Unable to get URL Guarding to work

Post by dhqa2019 »

David,

Sorry for the late reply. I setup the configuration again and was able to block one or two sites but it is not consistent so maybe I am creating the lists incorrectly.

Here is the output of the commands you requested:

Code: Select all

admin@cacheguard> urllist

urllist                     Advert
                            Chat
                            Dating
                            Drugs
                            Porn
                            Redirector
                            SpyWare
                            Violence
                            test

admin@cacheguard> guard filter

guard filter ip             testUsers range 192.168.10.2-192.168.10.6
guard filter time           <null>
guard filter ldap           <null>

admin@cacheguard> guard policy

guard policy                testPolicy:            ip testUsers

admin@cacheguard> guard rule

guard rule                  default deny:                test

As far as the three files go, can you provide a sample of how you would block something like facebook? I currently have something like this

domains.gz
facebook.com

urls.gz
https://www.facebook.com

expressions.gz
(null)

Thank you,
Dan
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Unable to get URL Guarding to work

Post by david »

Hi,

URLs specified in urls.gz should not contain the protocol part. Actually the the name "urls" is not really appropriate. For instance www.facebook.com/directory is correct while https://www.facebook.com/directory is not.

Domain names specified in domains.gz should contain domain base names. For instance facebook.com is correct while www.facebook.com is not.

Also, in your case as you specified the full domain base name facebook.com in the domains.gz file, you do not need to specify the sub domain name www.facebook.com/ in the urls.gz file.

To simplify you can use the following content:

domains.gz
facebook.com

urls.gz
(null)

expressions.gz
(null)

Regarding your filters/policies/rules what is actually missing is a rule associated to the policy testPolicy. You only specified a defulat rule for IPs other than the range 192.168.10.2-192.168.10.6. You can either delete the testPolicy in order to match the default rule or create a rule associated to the testPolicy using the following commands:

Code: Select all

guard rule add testPolicy deny test
apply
Please don't forget to reload the content of the test urrlist as specified above before testing again.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
User avatar
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Unable to get URL Guarding to work

Post by david »

Hello,

One more thing: as www.facebook.com use HTTPS and not HTTP, the redirection to the guarding message page can't work and your Web browser will get an error. This is normal and is is due to the nature of HTTPS that can't be redirected to a third page. Maybe you better test the URL guarding with a domain that use HTTP (such as http://example.com/).

Kind Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
Post Reply