URL Classification issues

Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems

Moderator: Qbik Staff

URL Classification issues

Postby zwartje » Feb 26 14 3:45 am

Hi Support, I am evaluating your product for use in enterprise setting 250 users.

We are coming from a squid proxy where we could very easily manage ACL's with exceptions but had a terrible time getting it integrated with windows authentication. That last part makes us consider WinGate :)

I am trying to (example)

Block access to any URL with 'file' in it, except for 'files.contractor.com'.

I created the Data type list with pattern matching as a text file on disk called 'filesblock.txt' and one called 'allowedfile.txt'

    - Entered '*file*' in the first and '*contractor*' in the second.
    - Created a Category 'FileTransfers'
    - Made a classifier 'FileTransfer' URL based, matched by data list 'filesblock' to classify under 'FileTransfers'
    - Made a classifier 'AllowedFile' URL based, matched by data list 'allowedfile' to classify under Allowed (default of WinGate)
    - Set access rule to block on category 'FileTransfers'
    - Set access rule to allow on category 'Allowed' on the FIRST line

However, this results in a block of files.contractor.com

Unless I delete the block Classifier and then recreate it. So it seems the first created Classifier is always leading.

My complaint would be that;
a: you cannot prioritize these yourself where the prioritisation in the Access Rules gives the impression you could!
b: there is no way to tell in the admin interface which classifier comes up a winner.

I hope I am overlooking something trivial here because this would make our situation extremely hard to administer.

BR,
Jeroen
zwartje
 
Posts: 2
Joined: Feb 26 14 3:24 am

Re: URL Classification issues

Postby adrien » Feb 26 14 5:16 pm

Hi Jeroen

yes it's a known issue with the manual classifier that it's in fact order dependent yet cannot be ordered. We plan to overhaul this, including the ability to set multiple categories on a site.

In the meantime you can add a web access control rule which will simply allow that site in the web access control rules, since you can specify sites in there as well, rather than having to classify them.

Alternatively, the classifier rules are loaded based on their alphabetic position of their GUID. If you were brave, you could change the GUIDs in the registry (rename the key) to effect the order you desired. Far from ideal I know, and sorry about that.

Regards

Adrien de Croy
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: URL Classification issues

Postby zwartje » Feb 26 14 9:54 pm

Adrien,

thank you for that clear and honest explanation! Having it listed as a future change together with the workaround you suggested might make things bearable. I will seriously look into that.

Also, great to see such swift and to the point answers to a forum post :)

Thanks,

Jeroen
zwartje
 
Posts: 2
Joined: Feb 26 14 3:24 am

Re: URL Classification issues

Postby adrien » Feb 27 14 9:42 am

Hi Jeroen

thanks. The main reason it's not orderable is because actually it's a hybrid system for performance reasons.

Any exact strings (strings not containing wild-card characters) are indexed in a fast lookup map. Things with wild-cards or that use global lists are done linearly.

WinGate tries the fast lookup first. We did find this improved performance significantly. But if we are to support multiple categories, then all rules would need to be evaluated in all cases anyway.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland


Return to WinGate

Who is online

Users browsing this forum: Bing [Bot], Majestic-12 [Bot] and 21 guests

cron