restrict website access on a given time... is this possible?
Mar 26 04 6:05 pm
hello,
is it possible w/ wingate to disallow access on a particular website on scheduled basis? e.g. friendster.com is BLOCKED from 7:00am to 11:59am but accessible from 12:00nn to 1:00pm then blocked again from 1:01 til 5:00pm
i am also wanting to block chat sessions (YM, MSN, etc..) using the same pattern above. any help is very much appreciated
f1 pls. tnx
wingate 5.2.3
nt 4 w/s sp6 srp
is it possible w/ wingate to disallow access on a particular website on scheduled basis? e.g. friendster.com is BLOCKED from 7:00am to 11:59am but accessible from 12:00nn to 1:00pm then blocked again from 1:01 til 5:00pm
i am also wanting to block chat sessions (YM, MSN, etc..) using the same pattern above. any help is very much appreciated
f1 pls. tnx
wingate 5.2.3
nt 4 w/s sp6 srp
Mar 26 04 6:44 pm
It is. Open the policies for your WWW Server.
Select the appropriate user (Everyone) and set an advanced criterion: "This criterion is NOT met if HTTP URL contains friendster"
Click out to have that policy added. Then, add another policy:
Select the same user (Everyyone) and set an advanced criterion: "This criterion is met if HTTP URL contains friendster". Add a time based filter to allow only the times you want the user to have access.
Click out to have that policy added. Then, set the "System Rights" dropdown to "are ignored".
What will happen now, is it will check the one policy, see that it grants access to everything, all day, except to anything that contains "friendster". If the URL has friendster in it, the next policy will be checked, and if the time matches there, it will be allowed.
It's a bit convoluted, and might need a bit of experimentation to get it working the way you want it to, but should all work. (I just tried it here)
Select the appropriate user (Everyone) and set an advanced criterion: "This criterion is NOT met if HTTP URL contains friendster"
Click out to have that policy added. Then, add another policy:
Select the same user (Everyyone) and set an advanced criterion: "This criterion is met if HTTP URL contains friendster". Add a time based filter to allow only the times you want the user to have access.
Click out to have that policy added. Then, set the "System Rights" dropdown to "are ignored".
What will happen now, is it will check the one policy, see that it grants access to everything, all day, except to anything that contains "friendster". If the URL has friendster in it, the next policy will be checked, and if the time matches there, it will be allowed.
It's a bit convoluted, and might need a bit of experimentation to get it working the way you want it to, but should all work. (I just tried it here)
tnx pascal
Mar 26 04 6:51 pm
i will try what uv suggested. i'll post my findings soon, tnx
Mar 26 04 6:52 pm
Cool. I'm going home shortly, but will probably check forums a bit later.
pascal
Mar 27 04 11:57 pm
yep, it did the trick :) i only applied it for the "staff" group not to "everyone" (w/c is already present in the WWW policy). bec we have an internet cafe in w/c i do not intend to block anything, except for spyware sites
now the bad thing... the trick only works if i remove the group "everyone" in w/c & where banned sites are listed. now how do i make those banned sites in effect again? i know i need to place it now on every group, but that will take forever :(
is there a way in the registry that i cud extract and import the banned sites part over the user property entries? or any other ideas is very much welcomed.
f1 pls. tnx
now the bad thing... the trick only works if i remove the group "everyone" in w/c & where banned sites are listed. now how do i make those banned sites in effect again? i know i need to place it now on every group, but that will take forever :(
is there a way in the registry that i cud extract and import the banned sites part over the user property entries? or any other ideas is very much welcomed.
f1 pls. tnx
Mar 28 04 12:11 am
Yeah, there is a way. Go to the appropriate proxy and setup one group. Now, this is going to involve some registry editing, so all applicable warnings. Have a backup / system restore. You'll need to stop the WinGate Engine when you do this, then restart it when you're done.
Open RegEdit and scroll down until you find HKEY_LOCAL_MACHINE \ Software \ Qbik Software \ WinGate \ Services.
Find the WWW Proxy Service in there, and open the subkey called "Access Rights".
That should have a list of users (Subkeys) in there. Find the appropriate group, select it and then export it. Make notes of what the subkeys are for all the other groups.
Now, comes the tricky bit. Using your favourite text editor, manipulate that file. Copy and paste the bits referring to the time, etc. portions, duplicating it and replacing the exported group name with the group name for each of the groups you want to replace it with.
Once you've done that, you should be able to re-import that file, adding those policies to all your groups. If you want, you can send me the file you've created, then I'll double check it.
Open RegEdit and scroll down until you find HKEY_LOCAL_MACHINE \ Software \ Qbik Software \ WinGate \ Services.
Find the WWW Proxy Service in there, and open the subkey called "Access Rights".
That should have a list of users (Subkeys) in there. Find the appropriate group, select it and then export it. Make notes of what the subkeys are for all the other groups.
Now, comes the tricky bit. Using your favourite text editor, manipulate that file. Copy and paste the bits referring to the time, etc. portions, duplicating it and replacing the exported group name with the group name for each of the groups you want to replace it with.
Once you've done that, you should be able to re-import that file, adding those policies to all your groups. If you want, you can send me the file you've created, then I'll double check it.
pascal
Mar 28 04 2:14 am
i had it merged over the registry :) its now reflected in the ban list tab of of www service>policies> and tick "enable ban list".
& its now working! :)
tnx for the help Pascal :D i am very greatful
(partial view only...)
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy
server\AccessRights\Recipient1\BanFilter\Criterion84]
"Name"=""
"Description"="HTTP URL ends with \".cab\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000005
"DataIndex"=dword:0000000f
"VariableName"="ends with"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
"strData"=".cab."
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy
server\AccessRights\Recipient1\BanFilter\Criterion85]
"Name"=""
"Description"="HTTP URL ends with \".dll\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000005
"DataIndex"=dword:0000000f
"VariableName"="ends with"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:0137e210
"nData"=dword:0137e1c0
"dData"=hex:70,e1,37,01,20,e1,37,01
"strData"=".dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy
server\AccessRights\Recipient1\BanFilter\Criterion86]
"Name"=""
"Description"="Server name equals \"www.kazaa.com\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000000
"DataIndex"=dword:00000002
"VariableName"="equals"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:01377850
"nData"=dword:01377770
"dData"=hex:20,77,37,01,d0,76,37,01
"strData"="www.kazaa.com"
btw, is there an entry limit in the advanced criterion? e.g. "This criterion is met / NOT met if HTTP URL contains friendster". (i applied two seperate rules based on ur prevoius sample)
i added a criterion (under the same filter) "This criterion is met / NOT met if HTTP URL contains myspace" now the time based filter has lost its effect, it blocks both friendster & myspace totally.
with your help from ur previous post, can u provide a sample filter, time-based & criterion for restricting multiple website?
tnx in advance
& its now working! :)
tnx for the help Pascal :D i am very greatful
(partial view only...)
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy
server\AccessRights\Recipient1\BanFilter\Criterion84]
"Name"=""
"Description"="HTTP URL ends with \".cab\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000005
"DataIndex"=dword:0000000f
"VariableName"="ends with"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
"strData"=".cab."
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy
server\AccessRights\Recipient1\BanFilter\Criterion85]
"Name"=""
"Description"="HTTP URL ends with \".dll\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000005
"DataIndex"=dword:0000000f
"VariableName"="ends with"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:0137e210
"nData"=dword:0137e1c0
"dData"=hex:70,e1,37,01,20,e1,37,01
"strData"=".dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy
server\AccessRights\Recipient1\BanFilter\Criterion86]
"Name"=""
"Description"="Server name equals \"www.kazaa.com\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000000
"DataIndex"=dword:00000002
"VariableName"="equals"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:01377850
"nData"=dword:01377770
"dData"=hex:20,77,37,01,d0,76,37,01
"strData"="www.kazaa.com"
btw, is there an entry limit in the advanced criterion? e.g. "This criterion is met / NOT met if HTTP URL contains friendster". (i applied two seperate rules based on ur prevoius sample)
i added a criterion (under the same filter) "This criterion is met / NOT met if HTTP URL contains myspace" now the time based filter has lost its effect, it blocks both friendster & myspace totally.
with your help from ur previous post, can u provide a sample filter, time-based & criterion for restricting multiple website?
tnx in advance
pascal
Mar 29 04 1:59 am
i've tried everything from "Server name/HTTP URL...contains or equals" but theres no way restrictions take effect. the advance criterion only accepts "one" query entry (e.g. friendster):
THIS ONE WORKS :) 1 filter w/ 1 criterion
Specify which request this recipient has rights for:
|_Filter 1
|___HTTP URL contains friendster
i dont understand why it doesnt make effect on multiple entries, since the advanced criterion tab allows you to add many filters with multiple criterions:
DOESNT WORK :( 1 filter w/ 2 criterions. it blocks the site totally
Specify which request this recipient has rights for:
|_Filter 1
|___HTTP URL contains friendster
|___HTTP URL contains myspace
DOESNT WORK TOO :( 2 filters w/ 1 criterion each. doesnt block anything
Specify which request this recipient has rights for:
|_Filter 1
|___HTTP URL contains friendster
|_Filter 2
|___HTTP URL contains myspace
DOESNT WORK EITHER :( 2 sets of filters
Specify which request this recipient has rights for:
|_Filter 1
|___Server name contains friendster
|_Filter 2
|___HTTP URL contains myspace
if i'm making criterion filtering the wrong way, kindly correct me.. pls :)
tnx
THIS ONE WORKS :) 1 filter w/ 1 criterion
Specify which request this recipient has rights for:
|_Filter 1
|___HTTP URL contains friendster
i dont understand why it doesnt make effect on multiple entries, since the advanced criterion tab allows you to add many filters with multiple criterions:
DOESNT WORK :( 1 filter w/ 2 criterions. it blocks the site totally
Specify which request this recipient has rights for:
|_Filter 1
|___HTTP URL contains friendster
|___HTTP URL contains myspace
DOESNT WORK TOO :( 2 filters w/ 1 criterion each. doesnt block anything
Specify which request this recipient has rights for:
|_Filter 1
|___HTTP URL contains friendster
|_Filter 2
|___HTTP URL contains myspace
DOESNT WORK EITHER :( 2 sets of filters
Specify which request this recipient has rights for:
|_Filter 1
|___Server name contains friendster
|_Filter 2
|___HTTP URL contains myspace
if i'm making criterion filtering the wrong way, kindly correct me.. pls :)
tnx
Mar 29 04 8:37 am
Remember, you need one Filter to block (One Policy Setup) and one to Allow everything else through. (As per the example I gave you)
When I get to the office, I'll set it up again, then export the registry for you. What OS are you on ?
When I get to the office, I'll set it up again, then export the registry for you. What OS are you on ?
pascal
Mar 29 04 4:43 pm
oh ic... so the number of sites i like to scheduled-block, the number of same group i would have to add w/ it. that doesnt sound so friendly... :(
anyway, im on Windows NT4 w/s
(...this trick doesnt work also)
anyway, im on Windows NT4 w/s
(...this trick doesnt work also)
trying to do the same.
Mar 30 04 12:51 am
greetings,
i was working towards somehting similar what n0ticer was....i also wanted to block access to certain sites during certain times in the day, aparently i cannot get the time based filters to work either! they are simply ignored....
it would help if you could post the registry of a working set on here so we all can go through it and see where we are going wrong.
it would also help if we could find out how to block a particular port range through the SOCKS proxy.
thanks and regards,
Shayan
OS in use : Windows 2000 SP4 with all patches
machine : p3-800/1.5GB RAM/1mbADSL
i was working towards somehting similar what n0ticer was....i also wanted to block access to certain sites during certain times in the day, aparently i cannot get the time based filters to work either! they are simply ignored....
it would help if you could post the registry of a working set on here so we all can go through it and see where we are going wrong.
it would also help if we could find out how to block a particular port range through the SOCKS proxy.
thanks and regards,
Shayan
OS in use : Windows 2000 SP4 with all patches
machine : p3-800/1.5GB RAM/1mbADSL
Mar 30 04 1:09 am
Will do tomorrow morning, when I'm back in the office.
whew!
Mar 30 04 1:12 am
glad im not alone here :) whew!
tnx pascal. btw, is time-based filtering for chat (YM, MSN) also be possible?
tnx pascal. btw, is time-based filtering for chat (YM, MSN) also be possible?
Mar 30 04 3:11 pm
Following the principles behind the original post, you simply add extra criterion to the existing filter. There are two important considerations. Firstly, there needs to be a policy (Or policies) that will GRANT access to your users for all sites, except the ones you want to restrict the time with. In that policy (Or policies if you are deeply into groups) you need to specify ALL the URLS that you are wanting to restrict by time to be NOT MET if that URL contains it.
Then, you need to setup a policy (Or policies) that makes those same URLs accessible within a given time range.
Remember one thing about policies, they act as a fall-through system. The first one that is found that will grant access will grant access, even if another policy will deny it.
That's a bit of a mouthful, but it'll give you the basic idea.
You can apply the same logic to all Services and policies, just substitute HTTP URL with something applicable to the appropriate service.
Then, you need to setup a policy (Or policies) that makes those same URLs accessible within a given time range.
Remember one thing about policies, they act as a fall-through system. The first one that is found that will grant access will grant access, even if another policy will deny it.
That's a bit of a mouthful, but it'll give you the basic idea.
- Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights]
"RightType"=dword:00000000
"IncludeDefaultRights"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0]
"UserName"="Everyone"
"Description"="Restricted by request"
"SpecifyUser"=dword:00000000
"SpecifyLocation"=dword:00000000
"SpecifyTime"=dword:00000000
"SpecifyBan"=dword:00000000
"SpecifyRequest"=dword:00000001
"MinimumSecurityLevel"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\BanFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0]
"Name"="Filter 1"
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0\Criterion0]
"Name"=""
"Description"="Not HTTP URL contains \"google\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000001
"DataType"=dword:00000002
"dwData"=dword:cdcdcdcd
"nData"=dword:cdcdcdcd
"dData"=hex:cd,cd,cd,cd,cd,cd,cd,cd
"strData"="google"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0\Criterion1]
"Name"=""
"Description"="Not HTTP URL contains \"nzherald\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000001
"DataType"=dword:00000002
"dwData"=dword:cdcdcdcd
"nData"=dword:cdcdcdcd
"dData"=hex:cd,cd,cd,cd,cd,cd,cd,cd
"strData"="nzherald"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\TimeFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1]
"UserName"="Everyone"
"Description"="Restricted by time, request"
"SpecifyUser"=dword:00000000
"SpecifyLocation"=dword:00000000
"SpecifyTime"=dword:00000001
"SpecifyBan"=dword:00000000
"SpecifyRequest"=dword:00000001
"MinimumSecurityLevel"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\BanFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0]
"Name"="Filter 3"
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0\Criterion0]
"Name"=""
"Description"="HTTP URL contains \"google\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:cdcdcdcd
"nData"=dword:cdcdcdcd
"dData"=hex:cd,cd,cd,cd,cd,cd,cd,cd
"strData"="google"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0\Criterion1]
"Name"=""
"Description"="HTTP URL contains \"nzherald\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:cdcdcdcd
"nData"=dword:cdcdcdcd
"dData"=hex:cd,cd,cd,cd,cd,cd,cd,cd
"strData"="nzherald"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter\Inclusion0]
"Name"=""
"Description"="Every day from 14:05:00 to 14:10:00"
"Every"=dword:00000001
"CheckTime"=dword:00000001
"EveryWhat"=dword:0000007f
"StartTime"=hex:72,1c,c7,71,1c,c7,e2,3f
"EndTime"=hex:39,8e,e3,38,8e,e3,e2,3f
You can apply the same logic to all Services and policies, just substitute HTTP URL with something applicable to the appropriate service.
tnx pascal
Mar 31 04 2:01 am
tnx pascal for the sample code (kindly inspect my code below) i think my code is similar to urs. except on this line:
"Description"="Restricted by security level, ban list, request" and the
"TimeFilter\Inclusion..." entry (on the lower part of the registry w/c im not sure if ryt)
ur code works ok if as is, modifying it to suit my needs doesnt give any effect (either it gets blocked or ignored). what i needed to work is something like on my first post. i really dunno what im missing here :x alt+f4 pls :)
tnx 4 ur great help
"Description"="Restricted by security level, ban list, request" and the
"TimeFilter\Inclusion..." entry (on the lower part of the registry w/c im not sure if ryt)
ur code works ok if as is, modifying it to suit my needs doesnt give any effect (either it gets blocked or ignored). what i needed to work is something like on my first post. i really dunno what im missing here :x alt+f4 pls :)
- Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights]
"RightType"=dword:00000000
"IncludeDefaultRights"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0]
"UserName"="Staff"
"Description"="Restricted by security level, ban list, request"
"SpecifyUser"=dword:00000000
"SpecifyLocation"=dword:00000000
"SpecifyTime"=dword:00000000
"SpecifyBan"=dword:00000001
"SpecifyRequest"=dword:00000001
"MinimumSecurityLevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\BanFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0]
"Name"="Not HTTP URL"
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0\Criterion0]
"Name"=""
"Description"="Not HTTP URL contains \"friendster\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000001
"DataType"=dword:00000002
"dwData"=dword:cdcdcdcd
"nData"=dword:cdcdcdcd
"dData"=hex:cd,cd,cd,cd,cd,cd,cd,cd
"strData"="friendster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\RequestFilter\Filter0\Criterion1]
"Name"=""
"Description"="Not HTTP URL contains \"myspace\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000001
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:00000000
"dData"=hex:00,00,00,00,00,00,00,00
"strData"="myspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient0\TimeFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1]
"UserName"="Staff"
"Description"="Restricted by security level, time, request"
"SpecifyUser"=dword:00000000
"SpecifyLocation"=dword:00000000
"SpecifyTime"=dword:00000001
"SpecifyBan"=dword:00000000
"SpecifyRequest"=dword:00000001
"MinimumSecurityLevel"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\BanFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0]
"Name"="HTTP URL"
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0\Criterion0]
"Name"=""
"Description"="HTTP URL contains \"friendster\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:cdcdcdcd
"nData"=dword:cdcdcdcd
"dData"=hex:cd,cd,cd,cd,cd,cd,cd,cd
"strData"="friendster"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\RequestFilter\Filter0\Criterion1]
"Name"=""
"Description"="HTTP URL contains \"myspace\""
"Type"="CRequestCriterion"
"Comparison"=dword:00000003
"DataIndex"=dword:0000000f
"VariableName"="contains"
"Not"=dword:00000000
"DataType"=dword:00000002
"dwData"=dword:00000000
"nData"=dword:0000000a
"dData"=hex:80,09,00,00,c0,d4,01,00
"strData"="myspace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter]
"Name"=""
"Description"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter\Inclusion0]
"Name"=""
"Description"="Every weekday from 12:00:00 to 12:59:59"
"Every"=dword:00000001
"CheckTime"=dword:00000001
"EveryWhat"=dword:0000003e
"StartTime"=hex:00,00,00,00,00,00,e0,3f
"EndTime"=hex:87,b4,8c,0f,3d,55,e1,3f
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter\Inclusion1]
"Name"=""
"Description"="Every weekday from 00:00:00 to 07:59:59"
"Every"=dword:00000001
"CheckTime"=dword:00000001
"EveryWhat"=dword:0000003e
"StartTime"=hex:00,00,00,00,00,00,00,00
"EndTime"=hex:b8,13,c4,c9,24,55,d5,3f
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter\Inclusion2]
"Name"=""
"Description"="Every weekday from 17:00:00 to 23:59:59"
"Every"=dword:00000001
"CheckTime"=dword:00000001
"EveryWhat"=dword:0000003e
"StartTime"=hex:aa,aa,aa,aa,aa,aa,e6,3f
"EndTime"=hex:31,5f,37,ba,e7,ff,ef,3f
[HKEY_LOCAL_MACHINE\SOFTWARE\Qbik Software\WinGate\Services\WWW Proxy server\AccessRights\Recipient1\TimeFilter\Inclusion3]
"Name"=""
"Description"="Every weekend"
"Every"=dword:00000001
"CheckTime"=dword:00000000
"EveryWhat"=dword:00000041
"StartTime"=hex:d9,56,29,51,ce,20,e8,3f
"EndTime"=hex:d9,56,29,51,ce,20,e8,3f
tnx 4 ur great help
Mar 31 04 10:42 am
Try taking the banfilter out of staff ... (Seems like the ban list is checked)
pascal
Mar 31 04 3:43 pm
i have two registry codes, one w/ banlist one w/o. both codes only work if single string is used in the criterion (e.g. friendster) one for "if met" and another for "if not met".
btw, have u tried my code? if so, does it has an effect in ur system? and if u can create a an exact copy of what ive posted and post that new one here, may be that will do the trick since ur code works at all. juz a hunch :j
tnx
btw, have u tried my code? if so, does it has an effect in ur system? and if u can create a an exact copy of what ive posted and post that new one here, may be that will do the trick since ur code works at all. juz a hunch :j
tnx
Mar 31 04 5:07 pm
Here's the missing bit of information. I'd gotten myself running around in circles here, and Adrien saved me :-)
The Filters and Criterions are effectively OR and AND statements. Multiple filters mean:
Filter 1 OR Filter 2 OR etc...
Multiple criterion in a filter mean:
Criterion 1 AND Criterion 2 AND etc...
So, what you do is in the section for allowing access to the two sites, they need to become 1 Filter + 1 Criterion each. So that it is if (URL contains "friendster" OR URL contains "myspace" ) rather than if( URL contains "friendster" AND URL contains "myspace" ).
The one that allows blanket access (Second policy without time restrictions) can stay as it is, because it's DOES NOT contain X and DOES NOT contain Y.
The Filters and Criterions are effectively OR and AND statements. Multiple filters mean:
Filter 1 OR Filter 2 OR etc...
Multiple criterion in a filter mean:
Criterion 1 AND Criterion 2 AND etc...
So, what you do is in the section for allowing access to the two sites, they need to become 1 Filter + 1 Criterion each. So that it is if (URL contains "friendster" OR URL contains "myspace" ) rather than if( URL contains "friendster" AND URL contains "myspace" ).
The one that allows blanket access (Second policy without time restrictions) can stay as it is, because it's DOES NOT contain X and DOES NOT contain Y.
pascal
Mar 31 04 7:31 pm
DOESNT WORK TOO :( 2 filters w/ 1 criterion each. doesnt block anything
Specify which request this recipient has rights for:
|_Filter 1
|___HTTP URL contains friendster
|_Filter 2
|___HTTP URL contains myspace
tnx for the heads up, but i've already tried that on my prev post... they are ignored.
kindly see the screenshot:
& post if u hav other suggestions, tnx pascal, adrien
Apr 01 04 5:11 am
N0ticer,
I agree with you that in WG 5.2.3 the advanced criteria is not working the way, IMHO, it should. The Filter criteria are not being ORed
I believe you can get the policy to work as you have listed in your last post except don't use the Advanced criteria use the Ban List instead. Don't put any URL's in the Ban List of the Staff(1) policy but put them in the Staff(2) policy.
Staff(1) policy will let all members of this group access to any URL during the time allowed in this policy. Staff(2) policy will apply to any other time not listed in Staff(1) policy and, as well, apply the ban list.
The Winsock Redirector Service could also be set up in a similar fashion to ban applications as you listed in your first post. Of course the WG client would have to be installed on the machines used by the members of the Staff policies.
Hope this helps.
I agree with you that in WG 5.2.3 the advanced criteria is not working the way, IMHO, it should. The Filter criteria are not being ORed
I believe you can get the policy to work as you have listed in your last post except don't use the Advanced criteria use the Ban List instead. Don't put any URL's in the Ban List of the Staff(1) policy but put them in the Staff(2) policy.
Staff(1) policy will let all members of this group access to any URL during the time allowed in this policy. Staff(2) policy will apply to any other time not listed in Staff(1) policy and, as well, apply the ban list.
The Winsock Redirector Service could also be set up in a similar fashion to ban applications as you listed in your first post. Of course the WG client would have to be installed on the machines used by the members of the Staff policies.
Hope this helps.
pascal, adrien, chrish
Apr 01 04 7:31 pm
yes! its now working :D your tips & suggestions has help me a lot
Staff (1)
Time: Recipient has rights always
Ban list: Enable ban list > HTTP URL contains "friendster"
Advanced: Specify which requests this recipient has rights for > Not HTTP URL contains "friendster"
Staff (2)
Time: Specify when times this recipient has rights > Every weekend
Ban list: <unticked or n/a>
Advanced: Specify which requests this recipient has rights for > HTTP URL contains "friendster"
tnx for all ur help, Qbik Team! ...dont go changin' :)
pls see screenshots:
Staff (1)
Time: Recipient has rights always
Ban list: Enable ban list > HTTP URL contains "friendster"
Advanced: Specify which requests this recipient has rights for > Not HTTP URL contains "friendster"
Staff (2)
Time: Specify when times this recipient has rights > Every weekend
Ban list: <unticked or n/a>
Advanced: Specify which requests this recipient has rights for > HTTP URL contains "friendster"
tnx for all ur help, Qbik Team! ...dont go changin' :)
pls see screenshots:
Apr 02 04 3:30 am
Hi N0ticer,
Is it your wish to have only those three URL's available during non-business hours as shown in Staff(2) policy? If you want Staff(2) policy to allow all those in that group to have unrestricted URL access don't enter anything in Advanced or Ban List Tabs. Similarily in Staff(1) policy you have a redundant setting restricting those three URL's twice as they show up in Advanced and Ban List. I would suggest taking them out of the Advanced section.
To QBik staff: I observe that in WG 5.2.3, in the Advanced policy settings, multiple Filter entries end up being ignored IF the criteria is precede by NOT. As an example if I wish to ban any URL containing msn and enter Filter Criteria as Not HTTP URL contains msn, it works OK. If I then add another filter banning another URL neither one is restricted. One Filter works OK but add more than one and it isn't working correctly. The reverse seems to work OK i.e. allowing mutiple URL's. Can you duplicate this behaviour?
Is it your wish to have only those three URL's available during non-business hours as shown in Staff(2) policy? If you want Staff(2) policy to allow all those in that group to have unrestricted URL access don't enter anything in Advanced or Ban List Tabs. Similarily in Staff(1) policy you have a redundant setting restricting those three URL's twice as they show up in Advanced and Ban List. I would suggest taking them out of the Advanced section.
To QBik staff: I observe that in WG 5.2.3, in the Advanced policy settings, multiple Filter entries end up being ignored IF the criteria is precede by NOT. As an example if I wish to ban any URL containing msn and enter Filter Criteria as Not HTTP URL contains msn, it works OK. If I then add another filter banning another URL neither one is restricted. One Filter works OK but add more than one and it isn't working correctly. The reverse seems to work OK i.e. allowing mutiple URL's. Can you duplicate this behaviour?
Apr 02 04 6:11 pm
Is it your wish to have only those three URL's available during non-business hours as shown in Staff(2) policy?
yup
If you want Staff(2) policy to allow all those in that group to have unrestricted URL access don't enter anything in Advanced or Ban List Tabs. Similarily in Staff(1) policy you have a redundant setting restricting those three URL's twice as they show up in Advanced and Ban List. I would suggest taking them out of the Advanced section.
the staff group has an unrestricted url access on all sites & it doesnt block any, except friendster, myspace and abante during office hours. staff(1) & (2) are not different or separate groups, they are the same. i only quoted (1 & 2) to illustrate that i have added that group twice in the www proxy service as per pascal said in his prev post. kindly excuse my comprehension if im not getting it ryt :) tnx
Apr 02 04 7:53 pm
n0ticer,
This is a curiosity question. What happens when you check in Advanced policy Staff(1) the Recipient has rights for all requestsand leave ban list checked? Do you notice any difference?
This is a curiosity question. What happens when you check in Advanced policy Staff(1) the Recipient has rights for all requestsand leave ban list checked? Do you notice any difference?
chrish
Apr 02 04 8:49 pm
time-based filtering is still in effect :) i got ur point... the option to: Specify which requests this recipient has rights for > Not HTTP URL contains "friendster" for Staff(1) is not needed at all
changed staff(1) as u have asked:
Staff (1)
Time: Recipient has rights always
Ban list: Enable ban list > HTTP URL contains "friendster"
Advanced: Recipient has rights for all access
tnx :)
changed staff(1) as u have asked:
Staff (1)
Time: Recipient has rights always
Ban list: Enable ban list > HTTP URL contains "friendster"
Advanced: Recipient has rights for all access
tnx :)