Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 2 subscribers
  • Views 2206 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web filtering is not working on Astaro ASG220 model

Sharath Kumar S
We are using Astaro ASG220 firewall with 8.312 version and Web filtering is not working.
Attached a screenshot for your referance.Eventhough they are in the blocked websites list all the websites are opened by users.
Please let me know if anything else apart from this has to be done to enable website filtering.


This thread was automatically locked due to age.
  • 0
    Show a line from the HTTP/S log file where one of the domains in your block list was allowed.

    Cheers - Bob
  • 0 in reply to BAlfson
    Hi ,

    Please find the screenshot where both the blocked site is shown and the same site opened in other browser.
  • 0
    Hi,

    Bob asked you to provide the log file entries.

    Barry
  • 0 in reply to BarryG
    Hi,

    Please find the logs attached.

    Reagards ,
    Sharath
    packetfilter-2014-07-25.log.gz.zip
  • 0
    Sharath, one line, not thousands, please! [;)]  I also asked for the HTTP/S log, not the firewall/packetfilter log.

    Cheers - Bob
  • 0 in reply to BAlfson
    Dear Bob,

    Can you please let me know which logs to send from the attached screen shot.

    Regards,
    Sharath
  • 0
    Web Filtering, at the bottom.  As it is 219MB please do not send the whole file.  Just the last 100 lines.
  • 0
    Michael, you must have too many balls in the air!  [;)]

    Instead of 100 lines, Sharath, just one line please where a site in the block list was passed.

    Cheers - Bob
  • 0 in reply to BAlfson
    Dear Bob,

    Please find the logs of Blocked sites that were accessible in Firefox from the same machine attached.
  • 0
    Sharath,

    The following two lines were allowed, but they do not appear in your block list:
    2014:08:11-16:33:36 in01fw01-1 httpproxy[7651]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.91.20.156" dstip="124.153.64.106" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="355" request="0x15436d08" url="http://radarfeed.moneycontrol.com/mccode/common/generic/get_space_info.php?jx_cid=3&callback=myspacefunc" exceptions="" error="" category="114" reputation="neutral" categoryname="Finance/Banking" content-type="text/html"
    2014:08:11-16:48:32 in01fw01-1 httpproxy[7651]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.91.20.138" dstip="74.125.130.94" user="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="371" request="0x152d6d00" url="http://www.google.co.in/search?q=goibibo&sourceid=ie7&rls=com.microsoft:en-US:IE-SearchBox&ie=&oe=&gfe_rd=cr&ei=h6boU7TDH8-EoAOfvoHgDg" exceptions="" error="" category="145" reputation="trusted" categoryname="Search Engines" content-type="text/html" application="google"


    The following line shows a block of google's attempt to redirect you to a blocked site:
    2014:08:11-16:48:40 in01fw01-1 httpproxy[7651]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="10.91.20.138" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6550" request="0x152d6d00" url="http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&ved=0CCsQFjAA&url=http%3A%2F%2Fwww.goibibo.com%2F&ei=iqboU7-BLta58gWlwoLIBg&usg=AFQjCNGa03FcdxMWHbuJtMqDypGmGfrU5w&bvm=bv.72676100,d.dGc" exceptions="" error=""

    All of that looks correct.  On the PC that you made the screencap for post #3 above, start the Web Filtering Live Log before you try the same experiment.  I suspect that you will not see the activity there because the traffic is bypassing the Proxy.

    Cheers - Bob