WinGate Forums

[SeanLeR]

Hi

We allow full access to the internet during tea time, lunch time and after hours for all our employees.

During working hours we ban chats (e.g. gmail), facebook, and several other abused sites.

Our office hours are as follows:

Monday, Tuesday, Wednesday:
Work: 08:00-10:00
Tea: 10:00-10:10
Work: 10:10-12:00
Lunch: 12:00-12:30
Work: 12:30-15:00
Tea: 15:00-15:10
Work: 15:10-16:30

Thursday:
Work: 08:00-10:00
Tea: 10:00-10:10
Work: 10:10-12:00
Lunch: 12:00-13:00
Work: 13:00-15:00
Tea: 15:00-15:10
Work: 15:10-16:30

Friday:
Work: 08:00-10:00
Tea: 10:00-10:10
Work: 10:10-12:00
Lunch: 12:00-12:30
Work: 12:30-14:30

I am currently using policies in www proxy server to control access but I find that there is way to much repetition (re-typing and re-creating the ban list 3 times, adding all the exclusions and included times e.t.c.)

Is there no faster way of doing this?

Also I find that when I start adding to many different policies for everyone it starts getting a little confusing (they are all called restricted by time or restricted by time, ban list) and the more policies I add the less stability there is.

[ChrisH]

I would suggest that you implement two distinct policies for Everyone. One policy that would be utilized during work time that contains all restricted sites (black list) in the Ban List - but place no time restrictions in this policy. The second policy would contain no restrictions in the Ban List but would provide time slices that correspond to non working times ( see below). WG will look at both policies and logically .OR. the two. So if either policy gives permission to a site permission will be granted. Thus if it is break time the "non work time" policy will give permission to all sites and thus permission will be granted but during work time this policy will not grant any permission so only the "work time" policy will apply and thus the Ban List comes into effect. This "work time" policy then is the only place you need to create your black list. Let us know if this is what you were hoping for.

policy.GIF (23.13 KiB) Viewed 14210 times

[SeanLeR]

Hi, I'll have to play around but that looks as if it will do the trick :)

Thank you.

[SeanLeR]

Thank You, It is working perfectly :)

Should I use the excluded time space as well or is that just unnecessarily complicating matters?

[logan]

The excluded time space is for making exclusions within the included time. For instance, if you wanted to make a time based policy that applied during work hours except on lunch break, you could make the included time 9am to 5pm, and then exclude 12pm to 1pm.

[logan]

So to answer your question, you don't need anything in the excluded times.

[SeanLeR]

Thanks, It is working perfectly :)

[SeanLeR]

Hi

Today I have noticed all the normally banned sites are only opening partially or not at all after working hours.

[logan]

What do you mean by opening partially? Can you give us an example. A screenshot would be good.

[SeanLeR]

I've set everything up the way they were and am trying to replicate the problem.

If/when it happens again I'll post some screen shots.

[SeanLeR]

Today at tea time I noticed it was doing the same again. I tried browsing several sites that are banned during work hours and got this response. Never banned sites were unaffected.

Ban and time on.jpg (101.61 KiB) Viewed 14095 times

Turning the time restrictions and ban list off had it working again.

Ban and time off.jpg (111.07 KiB) Viewed 14094 times

[ChrisH]

I wonder if caching has something to do with this. Check to see what your WG cache settings are. Does a page refresh open up the sites?

[SeanLeR]

Hi

A Page refresh makes no difference and Facebook (as an example in my cache exclusions) is also affected.

[ChrisH]

Hmmm..., in your filter every one of those criteria will have to be true before anything will be cached and because the specific criteria "Server name contains 'absa' " will only be true when the domain name contains 'absa' you will never cache anything, because if domain does contain 'absa' the criteria "NOT HTTP URL contains 'absa' " will then equate to be not true and the net result will be no caching and if it isn't 'absa' then the "Server name contains 'absa' " will equate to be not true and nothing will be cached. I would suggest this should be a NOT Server name contains 'absa' criteria instead. However, since I don't think you are caching anything my previous post about caching won't apply... but if I might make a suggestion try caching everything and also caching nothing ie "NOT Server name contains '.' " and see if anything changes.

[SeanLeR]

The problem with the banking sites (standard, absa) is that when I cache them people get locked out of there internet banking. (could be wrog but think it is caching passwords or usernames then using cached data to try sign in).

I'll give it a try.

[SeanLeR]

Hi

Tried both ways with no luck (cache everything, NOT HTTP URL contains . )

[SeanLeR]

Hi

I still have this problem

The way I work around it is by disabling the time and ban list bans, restarting the proxy server then enabling them again.

I would prefer to not have to do this at all.

Any other suggestions?

[ChrisH]

A couple of suggestions. Enable debug logging in WWW proxy to see if anything is amiss. In IE uncheck "Show friendly HTTP error messages" Tools, Internet Options, Advanced to see if different error messages are displayed. What version of WG? What OS is it running on? are you using two NICs in WG machine one for LAN, one for internet. what other devices are beyond WG machine towards the internet? Perhaps a support ticket to Qbik might resolve things quicker!