Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 2 subscribers
  • Views 2205 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web filtering is not working on Astaro ASG220 model

Sharath Kumar S
We are using Astaro ASG220 firewall with 8.312 version and Web filtering is not working.
Attached a screenshot for your referance.Eventhough they are in the blocked websites list all the websites are opened by users.
Please let me know if anything else apart from this has to be done to enable website filtering.


This thread was automatically locked due to age.
Parents
  • 0
    Sharath,

    The following two lines were allowed, but they do not appear in your block list:
    2014:08:11-16:33:36 in01fw01-1 httpproxy[7651]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.91.20.156" dstip="124.153.64.106" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="355" request="0x15436d08" url="http://radarfeed.moneycontrol.com/mccode/common/generic/get_space_info.php?jx_cid=3&callback=myspacefunc" exceptions="" error="" category="114" reputation="neutral" categoryname="Finance/Banking" content-type="text/html"
    2014:08:11-16:48:32 in01fw01-1 httpproxy[7651]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.91.20.138" dstip="74.125.130.94" user="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="371" request="0x152d6d00" url="http://www.google.co.in/search?q=goibibo&sourceid=ie7&rls=com.microsoft:en-US:IE-SearchBox&ie=&oe=&gfe_rd=cr&ei=h6boU7TDH8-EoAOfvoHgDg" exceptions="" error="" category="145" reputation="trusted" categoryname="Search Engines" content-type="text/html" application="google"


    The following line shows a block of google's attempt to redirect you to a blocked site:
    2014:08:11-16:48:40 in01fw01-1 httpproxy[7651]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="10.91.20.138" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6550" request="0x152d6d00" url="http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&ved=0CCsQFjAA&url=http%3A%2F%2Fwww.goibibo.com%2F&ei=iqboU7-BLta58gWlwoLIBg&usg=AFQjCNGa03FcdxMWHbuJtMqDypGmGfrU5w&bvm=bv.72676100,d.dGc" exceptions="" error=""

    All of that looks correct.  On the PC that you made the screencap for post #3 above, start the Web Filtering Live Log before you try the same experiment.  I suspect that you will not see the activity there because the traffic is bypassing the Proxy.

    Cheers - Bob
Reply
  • 0
    Sharath,

    The following two lines were allowed, but they do not appear in your block list:
    2014:08:11-16:33:36 in01fw01-1 httpproxy[7651]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.91.20.156" dstip="124.153.64.106" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="355" request="0x15436d08" url="http://radarfeed.moneycontrol.com/mccode/common/generic/get_space_info.php?jx_cid=3&callback=myspacefunc" exceptions="" error="" category="114" reputation="neutral" categoryname="Finance/Banking" content-type="text/html"
    2014:08:11-16:48:32 in01fw01-1 httpproxy[7651]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.91.20.138" dstip="74.125.130.94" user="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="371" request="0x152d6d00" url="http://www.google.co.in/search?q=goibibo&sourceid=ie7&rls=com.microsoft:en-US:IE-SearchBox&ie=&oe=&gfe_rd=cr&ei=h6boU7TDH8-EoAOfvoHgDg" exceptions="" error="" category="145" reputation="trusted" categoryname="Search Engines" content-type="text/html" application="google"


    The following line shows a block of google's attempt to redirect you to a blocked site:
    2014:08:11-16:48:40 in01fw01-1 httpproxy[7651]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="GET" srcip="10.91.20.138" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6550" request="0x152d6d00" url="http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&frm=1&source=web&cd=1&ved=0CCsQFjAA&url=http%3A%2F%2Fwww.goibibo.com%2F&ei=iqboU7-BLta58gWlwoLIBg&usg=AFQjCNGa03FcdxMWHbuJtMqDypGmGfrU5w&bvm=bv.72676100,d.dGc" exceptions="" error=""

    All of that looks correct.  On the PC that you made the screencap for post #3 above, start the Web Filtering Live Log before you try the same experiment.  I suspect that you will not see the activity there because the traffic is bypassing the Proxy.

    Cheers - Bob
Children
No Data