Banning doesn't work for https url's

Forum for support for the PureSight for WinGate content filtering plugin

Moderator: Qbik Staff

Banning doesn't work for https url's

Postby daylight » Oct 04 04 10:42 pm

We can't get the Ban list to work for https url's

Anybody else got the same problem ?

-Jesper
daylight
 
Posts: 3
Joined: Oct 04 04 10:40 pm

Postby Pascal » Oct 04 04 11:00 pm

Not in PureSight, no. PureSight does not work with HTTPs, it's encrypted traffic. Have you tried the banlist in WinGate itself (Under policies) for that?
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby daylight » Oct 04 04 11:25 pm

I've tried it now and I can't get it to work.

But anyway don't you think that Puresight should be able to do it ? It's what it is designed for.
And since most gambling and a lot of porn sites uses https it leaves Puresight kind of useless without it.
daylight
 
Posts: 3
Joined: Oct 04 04 10:40 pm

Postby Pascal » Oct 04 04 11:43 pm

I'll need to check the code (At home at the moment). It is possible that the list checking might be done before we make a determination about which plugins to apply (Based on the protocol) but I believe none of the plugins will function on HTTPS traffic, simply because none can understand the traffic. (It's all encrypted).

As PureSight is primarily designed as a content filter it not being able to understand HTTPs (Even if we passed it through) would not give you any additional benefit. The client side browser can decode it because it's negotiated the session keys with the server, etc. (WinGate, as a man in the middle, cannot understand that encrypted traffic)

The ban list in WinGate, along with policies, cover that situation. They are a bit tricky to setup, but give you that bannable functionality.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand

Postby daylight » Oct 06 04 7:21 pm

Ok I've started using the policies aproach and it works nicely.

But now I have another problem. Whenever a page is blocked the Gatekeeper jumps to the "System messages" window. And with 1.000 users I have a lot of blocked pages wich more or less leaves the gatekeeper application useless during office hours.
daylight
 
Posts: 3
Joined: Oct 04 04 10:40 pm

Postby Pascal » Oct 06 04 7:49 pm

Go into advanced options (GateKeeper) and don't make the syslogs popup when something changes.
Pascal

Qbik New Zealand
pascalv@qbik.com
http://www.qbik.com
Pascal
Qbik Staff
 
Posts: 2623
Joined: Sep 08 03 8:19 pm
Location: Auckland, New Zealand


Return to PureSight for WinGate

Who is online

Users browsing this forum: No registered users and 20 guests

cron