Author Topic: Website filter not working  (Read 1493 times)

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Website filter not working
« on: January 17, 2011, 08:53:59 am »
Hello there,

I added yahoo.com to Filter profiles in HTTP Proxy menu. but i can still go to that site.please help me to setup.

cheers
zolf

Sam Graf

  • Guest
Re: Website filter not working
« Reply #1 on: January 17, 2011, 06:10:10 pm »
Assuming that the proxy in general is set up and working correctly, blocking a site is pretty straightforward. I just added yahoo.com as an "Always deny" site and Zentyal correctly blocked me. So the only thing I can think to suggest is that you make sure you've actually selected "Always deny" rather than "Filter" for the yahoo.com domain.

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #2 on: January 18, 2011, 08:35:13 am »

thanks Sam for your feedback. i have Always deny selected in the HTTP Proxy--Filter Profiles--Domains- filtering.
by the way how do i be sure that what you mentioned "Assuming that the proxy in general is set up and working correctly, " is working correctly.

peps

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #3 on: January 18, 2011, 09:05:17 am »
May be you have to restart the service

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #4 on: January 18, 2011, 09:21:21 am »

thanks pep for your comment.
what service do i need to restart.

by the way i setup SARG on the Zentyal and the report shows public IP's as user IP. somebody told me your squid is open to the world and they are using it. shutdown your  squid. can you please help me to get to the bottom of this issue

Sam Graf

  • Guest
Re: Website filter not working
« Reply #5 on: January 18, 2011, 03:27:39 pm »
by the way how do i be sure that what you mentioned "Assuming that the proxy in general is set up and working correctly, " is working correctly.
You do the standard check just for starters, making sure that the dashboard is showing the module to be running. The disk usage screen will tell you if the cache part is working, since it specifies that bit of disk usage.

The rest depends on how you have the proxy/content filter configured. If you're doing a virus check, the eicar site provides a standard test. If you're set up to monitor for porn, attempt to visit some well known adult site or attempt a Web search (at the search engine of your choice) for adult terms or content.

You can also tinker a bit with the domain filter itself. Try to block other sites, or try the block sites listed by IP only feature (which should work for any address not on the server's subnet). Try your own public IP, for example.

Sam Graf

  • Guest
Re: Website filter not working
« Reply #6 on: January 18, 2011, 03:34:17 pm »

thanks pep for your comment.
what service do i need to restart.

by the way i setup SARG on the Zentyal and the report shows public IP's as user IP. somebody told me your squid is open to the world and they are using it. shutdown your  squid. can you please help me to get to the bottom of this issue
In my experience, Sarg installed on Zentyal shows a localhost address (e.g., 127.0.0.1) as the user IP if you don't have authentication set up, not a public IP address. To see the user, they have to authenticate--sign in to use the Internet.

There should be no need to manually restart the proxy service when changing its settings, by the way, though that's a good suggestion for general purposes. In Zentyal, the GUI way to do it is from the dashboard, by clicking the button next to the service you want to restart.

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #7 on: January 19, 2011, 05:51:57 am »
Thanks very much for your feedbacks.in my case the report shows all public ip,very weird websites and ip.I showed this to a person and he suggested the squid is being open to people on the Internet.but I dont know what to do,please help.I tried to attach the screenshot but seems the site has issue with attachments.

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #8 on: January 22, 2011, 08:30:12 am »

please help

Sam Graf

  • Guest
Re: Website filter not working
« Reply #9 on: January 22, 2011, 06:45:18 pm »
"Weird websites" could mean a lot of things. Keep in mind that Squid will report every HTTP access, not just items you type into a browser address bar. Almost certainly you will see sites in the list you had no idea you were visiting through the sites you are intending to visit. The ad people are responsbile for a lot of "weird websites," for example.

As for Squid displaying the public IP instead of the machine's localhost address or a user IP, that I can't help you with. I've never seen Squid behave that way in a Zentyal installation (and Sarg, of course, is simply displaying the content of the proxy's logs). If the machine is not visibile to the public and/or the proxy port is closed/not open to the public, it's almost certain that you aren't running a public proxy. To look at it another way, if the machine is visible to the pulbic you may have more serious concerns than an exposed HTTP proxy.
« Last Edit: January 22, 2011, 06:47:24 pm by Sam Graf »

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #10 on: January 23, 2011, 07:00:36 am »

thanks for your comment.
can you please guide me how i can generate report in zentyal to see which user in my network is going to which sites.appreciate your help

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #11 on: January 23, 2011, 07:02:24 am »

>>To look at it another way, if the machine is visible to the pulbic you may have more serious concerns than an exposed HTTP proxy.

how can i avoid this situation.pleasse help

zolf

  • Zen Monk
  • **
  • Posts: 72
  • Karma: +0/-0
    • View Profile
Re: Website filter not working
« Reply #12 on: January 23, 2011, 07:15:26 am »

Sam,
here is the SARG output which i get. i see many public ip. what are these.

Sam Graf

  • Guest
Re: Website filter not working
« Reply #13 on: January 23, 2011, 07:36:34 pm »
can you please guide me how i can generate report in zentyal to see which user in my network is going to which sites.
To my knowledge, the standard Zentyal way is to set up HTTP user authentication. I suggest giving the Zentyal documentation a look (I haven't, though, so don't know what it covers on this subject) and then ask specific questions if you get stuck. While I've done HTTP authentication in eBox (but not Zentyal), it's been a while and not something I know off the top of my head.


>>To look at it another way, if the machine is visible to the pulbic you may have more serious concerns than an exposed HTTP proxy.

how can i avoid this situation.pleasse help
This might be a little outside the scope of these forums and I certainly don't want to imply I have security expertise I don't have. The general wisdom is to expose to the public only as much as necessary, and in Zentyal, the firewall is the first line of defense. An easy way to see what the public can see at your public IP is to visit Gibson Research Corporation's
Shields Up! service.


Sam,
here is the SARG output which i get. i see many public ip. what are these.
As I mentioned before, this is not something I've seen, and I would go so far as to say that I doubt this is normal Zentyal behavior. You may want to arrange for paid Zentyal support to get this cleared up as quickly as possible.