V6.0.1.9 / WSRP / Policies / Advd / Criterions behaviour

WinGate Proxy Server and other Qbik products

Switch to full style
Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Post a reply
eric_b
  • eric_b
  • Posts: 9
  • Joined: Sep 07 04 9:13 am
  • Location: Tunisia
  • Website

V6.0.1.9 / WSRP / Policies / Advd / Criterions behaviour

Sep 10 04 12:49 am

I have installed WG 6.0.1.9 a few days ago and it works fine. Great product. No doubt.

I would like to restrict users to a list of website. So they can only visit google, yahoo, etc...

They can access to WG through WGIC. I stopped www proxy server, ftp proxy server and socks proxy server services.

I read in knowledge base "Blocking client access to Specific URL's and Sites", and I tried many test to understand the criterion behaviour of the policies of WRSP. Well... I am in trouble. It sound like a bug (or I am very very tired ?).

What I did :
In WRSP Policies, I put Default rights to "are ignored", created recipient "Everyone" and in advanced choose "Specify wich requests ..."

Then :
Test 0) No Criterion
=> I try to access google, or any other site, and all this sites are reachable. Fine. Let's start.

Test 1) Criterion = "server name contains google"
=> I try to access google, or any other site, and then WIC ERROR : "You have not been granted rights...". Oups.

Test 2) Criterion = "NOT server name contains google"
=> I try to access google, or any other site, and all this sites are reachable. ???

Test 3) Criterion = "server name begins with google"
=> I try to access google, or any other site, and then WIC ERROR : "You have not been granted rights...".

Test 4) Criterion = "NOT server name begins with google"
=> I try to access google, or any other site, and all this sites are reachable.

etc.. etc...

I tried about 12 or 14 differents tests, with new criterion using Google, google.com, http://google.com, even "g" or "G" and I could never differentiate google from any other URL.

So no way to restrict my user to a list of site.

Details :
- I dont have any users created. Everything is under "Guest".
- Everything works fine if I dont use criterions

Any idea ?
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Sep 10 04 10:03 am

WRP is simply a translation protocol. It shuffles traffic around. I believe in that case the "server name" is only the IP address of Google. You can test that, but your best bet for this kind of policy is to redirect the traffic through the WWW Proxy and set your policies there. Then you can use HTTP::Request , etc.
eric_b
  • eric_b
  • Posts: 9
  • Joined: Sep 07 04 9:13 am
  • Location: Tunisia
  • Website

Sep 10 04 11:06 am

Thank you Pascal. It works fine now.

I dont know if I choose the right method :

I activate www proxy server and in its :: Session :: Transparent proxy I add port 80

Then set the policies I wanted. It works fine.

May I suggest that you remove the policies in WRSP so nobody else will do the same mistake as me ?

Thank you again.

Eric

[/quote]
Pascal
  • Pascal
  • Posts: 2623
  • Joined: Sep 08 03 8:19 pm
  • Location: Auckland, New Zealand
  • Website

Sep 10 04 11:09 am

It's not a mistake to have the policies in there OR to use them. It's simply a case of how you set them up. In WRP the ServerName is not know, it simply gets an ip-address (DNS has already been resolved). You can still do other forms of filtering there (Such as time based, username, etc.)

Redirecting simply provides an alernative, which allows you to use more 'protocol specific' features and gives you the option to use plugins too, then.
eric_b
  • eric_b
  • Posts: 9
  • Joined: Sep 07 04 9:13 am
  • Location: Tunisia
  • Website

Sep 10 04 8:36 pm

Ok. So I guess It would be better to remove the name based criterion in WRP ?

Anyway, thank you again for your reply.

Now I am sure Wingate is the right choice for us.

Eric
Post a reply
Switch to full style

Powered by phpBB © phpBB Group.

phpBB Mobile / SEO by Artodia.

Board index