Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 1872 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

improper blacklist

BanksDad
Astaro proxy (7.1) blacklisted the following link:

http://logitech-sjca.navisite.net/web/ftp/pub/techsupport/keyboards/g15/lgks104_x64.exe

I did not have logitech or its download link site blacklisted.  This is a legit file for the G15 keyboard support.  Anyone have any ideas why astaro cut it off?


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to robertobrinsky
    Umm... check the blocked extensions settings... that is a blacklist of sorts, and I think .exe is by default blocked... take it out of the blocked extensions list.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
  • 0 in reply to BrucekConvergent
    Well, here are some strange things. First of all, I am using v7.101 of the software on my own PC. This has been in place for about 2 1/2 weeks, so I am still playing with it a bit. So, I changed the setting on the http proxy to 'standard' instead of 'transparent'. I then confirmed that my browser was NOT configured to use the proxy - in fact, it was set for direct connection to the internet. I was still able to access the internet - I even made sure that my cache was cleared and went to sites that I had not visited before. In my opinion, I should have been blocked by the gateway.

    Next, leaving my browser configured for direct connection to the internet and leaving the proxy in standard mode, I was able to access the previously blacklisted url and download the file. Also, this url (http://oxid.netsons.org/download/ca_setup.exe) is now available to me whereas before, when the proxy was in transparent mode, the proxy responded that the url was blacklisted.

    Again, my setting as far as content goes is to allow all traffic, so blacklisting should not come into play at all, unless I am missing something?
  • 0 in reply to robertobrinsky
    If you have packet filters defined to allow outbound traffic on port 80, etc. (if you used the configuration wizard at startup it would configure rules like these, for example) you can bypass the proxy if it is standard mode... For regular installations that use SSO or Standard mode for their proxy, we do not define a packet filter for port 80, thus the users have to use proxy... you simply have your system misconfigured.

    When one is using the proxy (as in your case when you were in transparent mode), the File Extension Filter setting is in effect... look under the Antivirus tab in your HTTP configuration.. at the bottom is the File Extension Filter list.  If .exe is in that list, you will get a "blacklist" message.  Check this... you don't mention it, so maybe you didn't read all of my first post.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to robertobrinsky
    One other thing I forgot to mention was that I did not remove the exe extension from the blocked file extension list, and it still allowed me to download that type of file.
  • 0 in reply to robertobrinsky
    Read my last post!  You're missing the point; if you have packet filter rules defined that allow outbound traffic on port 80, etc. and the proxy is NOT in transparent mode, one can bypass it.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    OK - this makes sense now. I will go back to transparent mode, remove the exe extension from the blocked list and try again. Thx.
  • 0 in reply to robertobrinsky
    Thanks for the clarification - it is now working as designed/expected.
  • 0 in reply to robertobrinsky
    Great... glad to help.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.