This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[ASG 7.305] http-proxy blocks websites with "offensive" URLs/IPs in http-parameter?

Hello,
when I do a google-search for "rotten.com", the results page is blocked (Extreme / Gruesome Content not allowed)
When Astaro's IPS notified me (via mail) about a potential "web application attack", that mail included the URL http://www.ripe.net/perl/whois?query=82.102.10.200
so I can easily look up who the attacker's IP belongs to. But when I click on that URL, the http-proxy says: "P0rnography not allowed"

I guess 82.102.10.200 is some P0rn-site, but isn't that http-proxy going a bit too far? I didn't try to access those URLs, I only queried Google and Ripe.net to find information about them.
Can I keep Astaro from blocking this by switching off some option?

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 17 years ago

This is actually good, that it can block a site based by IP... I'm not sure what you're looking for... the IPS triggered, more than likely, due to either malware traffic that was detected, or it was a false positive. What was the IPS rule that was triggered (should be in the notification email)?

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 17 years ago

This is actually good, that it can block a site based by IP... I'm not sure what you're looking for... the IPS triggered, more than likely, due to either malware traffic that was detected, or it was a false positive. What was the IPS rule that was triggered (should be in the notification email)?

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 thtran over 17 years ago in reply to BrucekConvergent

IPS was not involved, only the HTTP-proxy.
[EDIT]: The URL http://www.ripe.net/perl/whois?query=82.102.10.200 was sent to me by the IPS (email-notification) and I clicked on the link contained in that mail.

When I visit the URL
http://www.ripe.net/perl/whois?query=82.102.10.200

I'm NOT accessing the IP 82.102.10.200, im accessing http://www.ripe.net.
And when I search for "rotten.com" on Google, I'm accessing the URL
http://www.google.de/search?hl=en&q=rotten.com&btnG=Google+Search

No need for the Content-Filter to block the google search results. The search results are not "Gruesome Content" [;)]
BTW: Right now, the IP 82.102.10.200 is not categorized as p0rn anymore.
Cancel
Vote Up 0 Vote Down

Cancel