Hello,
I am currently using version CG-OS-EH-1.3.7 in order to evaluate it for possible use as a security appliance. It is currently unregistered as I am only running 1 user behind it.
I have not subscribed to any Cacheguard URL lists so I am attempting to block a few URLS from a custom made list based on specifications from your user guide.
Cacheguard is currently configured in transparent mode, with mode guard ON, and one IP range filter created. The application appears to download the list but its not clear if it processes any of the URLS.
Do I need to have the application registered or to define more than one filter for the URL guarding to work? Please advise.
Thanks,
Dan
Unable to get URL Guarding to work
Re: Unable to get URL Guarding to work
Hello,
You don't need to register your appliance for the URL guarding to work. To simplify, you have the possibility to don't use filter but only the default policy. Can you please give us your domain and url lists and the ouput of the following commands?
Best Regards,
You don't need to register your appliance for the URL guarding to work. To simplify, you have the possibility to don't use filter but only the default policy. Can you please give us your domain and url lists and the ouput of the following commands?
Code: Select all
urllist
guard filter
guard policy
guard rule
Re: Unable to get URL Guarding to work
David,
Sorry for the late reply. I setup the configuration again and was able to block one or two sites but it is not consistent so maybe I am creating the lists incorrectly.
Here is the output of the commands you requested:
As far as the three files go, can you provide a sample of how you would block something like facebook? I currently have something like this
domains.gz
facebook.com
urls.gz
https://www.facebook.com
expressions.gz
(null)
Thank you,
Dan
Sorry for the late reply. I setup the configuration again and was able to block one or two sites but it is not consistent so maybe I am creating the lists incorrectly.
Here is the output of the commands you requested:
Code: Select all
admin@cacheguard> urllist
urllist Advert
Chat
Dating
Drugs
Porn
Redirector
SpyWare
Violence
test
admin@cacheguard> guard filter
guard filter ip testUsers range 192.168.10.2-192.168.10.6
guard filter time <null>
guard filter ldap <null>
admin@cacheguard> guard policy
guard policy testPolicy: ip testUsers
admin@cacheguard> guard rule
guard rule default deny: test
domains.gz
facebook.com
urls.gz
https://www.facebook.com
expressions.gz
(null)
Thank you,
Dan
Re: Unable to get URL Guarding to work
Hi,
URLs specified in urls.gz should not contain the protocol part. Actually the the name "urls" is not really appropriate. For instance www.facebook.com/directory is correct while https://www.facebook.com/directory is not.
Domain names specified in domains.gz should contain domain base names. For instance facebook.com is correct while www.facebook.com is not.
Also, in your case as you specified the full domain base name facebook.com in the domains.gz file, you do not need to specify the sub domain name www.facebook.com/ in the urls.gz file.
To simplify you can use the following content:
domains.gz
facebook.com
urls.gz
(null)
expressions.gz
(null)
Regarding your filters/policies/rules what is actually missing is a rule associated to the policy testPolicy. You only specified a defulat rule for IPs other than the range 192.168.10.2-192.168.10.6. You can either delete the testPolicy in order to match the default rule or create a rule associated to the testPolicy using the following commands:
Please don't forget to reload the content of the test urrlist as specified above before testing again.
Best Regards,
URLs specified in urls.gz should not contain the protocol part. Actually the the name "urls" is not really appropriate. For instance www.facebook.com/directory is correct while https://www.facebook.com/directory is not.
Domain names specified in domains.gz should contain domain base names. For instance facebook.com is correct while www.facebook.com is not.
Also, in your case as you specified the full domain base name facebook.com in the domains.gz file, you do not need to specify the sub domain name www.facebook.com/ in the urls.gz file.
To simplify you can use the following content:
domains.gz
facebook.com
urls.gz
(null)
expressions.gz
(null)
Regarding your filters/policies/rules what is actually missing is a rule associated to the policy testPolicy. You only specified a defulat rule for IPs other than the range 192.168.10.2-192.168.10.6. You can either delete the testPolicy in order to match the default rule or create a rule associated to the testPolicy using the following commands:
Code: Select all
guard rule add testPolicy deny test
apply
Best Regards,
Re: Unable to get URL Guarding to work
Hello,
One more thing: as www.facebook.com use HTTPS and not HTTP, the redirection to the guarding message page can't work and your Web browser will get an error. This is normal and is is due to the nature of HTTPS that can't be redirected to a third page. Maybe you better test the URL guarding with a domain that use HTTP (such as http://example.com/).
Kind Regards,
One more thing: as www.facebook.com use HTTPS and not HTTP, the redirection to the guarding message page can't work and your Web browser will get an error. This is normal and is is due to the nature of HTTPS that can't be redirected to a third page. Maybe you better test the URL guarding with a domain that use HTTP (such as http://example.com/).
Kind Regards,