Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 2321 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web filtering profiles not respecting web filtering exceptions

tuxi
Hi,

as you can see in the subject: I created a web filtering profile so that my kids can surf really protected (whitelist).
This works (more or less) but the exceptions made in the global web filter exceptions are not regarded.
So windows update always gives an error while searching for updates and in the web filter log these addresses get blocked.

I think I read somewhere that "global" web filtering exceptions do their work even in profile mode.

Is that right? Where is my mistake? I am using the web filtering in transparent mode.

Cheers,
Michael


This thread was automatically locked due to age.
Parents
  • 0
    Hi dilandau,

    thank you for your answer. UTM latest version, that is 9.106-17 as software (VM) appliance (home use).

    SSL scanning is not enabled, port tcp 443 is nat'ed in special time ranges for the kids.
    I'm using the standard exceptions which come out of the box in web filtering configuration. I always try to change things need being changed, so keeping most of the things standard is the way I go. Just like keep it simple. ;-)

    This is what the error log produced (web filtering log).

    ---------------------------------------
    2013:11:30-22:31:52 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xdfe4248" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-22:31:52 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="3402" request="0x8419970" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-22:31:52 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xca18210" url="ds.download.windowsupdate.com/.../wuredir.cab
    ---------------------------------------



    ---------------------------------------
    2013:11:30-23:55:24 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xcb8f9c8" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-23:55:24 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="3402" request="0xe2a6188" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-23:55:24 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xdfe46c8" url="ds.download.windowsupdate.com/.../wuredir.cab
    ---------------------------------------


    This was my testing a few days ago.
    Any ideas, why the overall exceptions are not working?

    Cheers,
    Michael
Reply
  • 0
    Hi dilandau,

    thank you for your answer. UTM latest version, that is 9.106-17 as software (VM) appliance (home use).

    SSL scanning is not enabled, port tcp 443 is nat'ed in special time ranges for the kids.
    I'm using the standard exceptions which come out of the box in web filtering configuration. I always try to change things need being changed, so keeping most of the things standard is the way I go. Just like keep it simple. ;-)

    This is what the error log produced (web filtering log).

    ---------------------------------------
    2013:11:30-22:31:52 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xdfe4248" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-22:31:52 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="3402" request="0x8419970" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-22:31:52 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xca18210" url="ds.download.windowsupdate.com/.../wuredir.cab
    ---------------------------------------



    ---------------------------------------
    2013:11:30-23:55:24 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xcb8f9c8" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-23:55:24 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="3402" request="0xe2a6188" url="ds.download.windowsupdate.com/.../wuredir.cab
    2013:11:30-23:55:24 gatekeeper httpproxy[5673]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="HEAD" srcip="172.16.11.83" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProKids (KIDS)" filteraction="REF_HttCffKids (KIDS)" size="0" request="0xdfe46c8" url="ds.download.windowsupdate.com/.../wuredir.cab
    ---------------------------------------


    This was my testing a few days ago.
    Any ideas, why the overall exceptions are not working?

    Cheers,
    Michael
Children
No Data