Lost Manual Classification Block

[Hopkinsmailing]

This was working yesterday 3/10/2009 on all keywords. The keyword below "gumball" is administrativley blocked and was getting caught but not today. PureSight is catching websites from the database and stopping access but I'd like some additional control here. below is a sample that gets through. I pasted this URL in the "Test URL" area and PureSight tells me this should be blocked. We've cleared the client machine cache and don't run cache on Wingate at all. Help greatly appreciated.

http://www.google.com/search?q=gumball& ... tartPage=1

[labull]

Could there be a rule that is overriding the block by expressly allowing a keyword found in that url?

[Hopkinsmailing]

Not that I'm aware of especially in the PureSight plugin. The only keyword there right now is gumball. I exported the rest for now until I can figure out why this isn't working. I just finished uninstalling everything even cleaning the Registry and doing a complete reinstall. I still can't get the Manual Classification to work with partials. I was able to get it to block a complete URL entry but not partial keywords entries.

[adrien]

Hi

Is PureSight blocking anything at all?

Just wondering if it got unhooked / disabled from the HTTP proxy.

Adrien

[Hopkinsmailing]

Yes, It does block things from the database. Some of my keywords (partials) must be in the database since they block but "breast" gets through. I chose gumball for testing since it's a little less to explain at work if someone walks in while Google is loading a search page of questionable content. The PureSight test URL returns the message, after loading libraries, that gumball is blocked. Go to Google and it isn't blocked.

[adrien]

Hi

Other possibility is there's a wild-card override or something that is passing everything before it hits the entries in your blocklist that you expect to block something.

Can you submit a support ticket at http://support.qbik.com and provide your PureSight registry, which can be exported using regedit.exe from

HKEY_LOCAL_MACHINE\Software\Qbik Software\WinGate\DataScanning\Installed\PureSight

Regards

Adrien

[adrien]

Hi

Just had a chat with support about your ticket on this issue, and it appears it's due to the fact that the things you want to block are not in the URL but in a querystring associated with the URL.

in a URL like http://some.server.com/some_resource.ht ... uerystring

the query string is not actually deemed by the HTTP spec to be part of the URL, and it's not actually passed into the PureSight plugin, so it can't filter it.

You can filter it in WinGate policy though.

Various search engines may search by different methods, and this even can change over time. Currently most use the GET method and pass search parameters in the query string (e.g. Google, MSN and Yahoo), but it used to be popular to use the POST method and submit it as a form, in which case the search parameters are in the message body sent by the client.

Filtering searches in WinGate 7 is very simple with policy, but in WinGate 6 it's more difficult with the current framework. It's a reasonable idea, but we haven't had requests before for filtering searches by any other means.

Regards

Adrien