PureSight filtering questions

Forum for support for the PureSight for WinGate content filtering plugin

Moderator: Qbik Staff

PureSight filtering questions

Postby ggiebler » Sep 26 05 4:18 pm

I've been evaluating Wingate and the PureSight web filter. I have a few
questions to ask. Here are some of the problems I encountered:

1. Some forbidden Web pages filtered by PureSight will load if you keep refreshing your browser. For example, I have the Sex filter in PureSight set to 10% certainty. Any lower than that, and it seems that too many legitimate sites get blocked. If I try to load playboy.com, it initially gets rejected by PureSight as having a very high likelihood of containing prohibited content (86%). Subsequent refreshings of the browser result in its being rejected, but with ever lower likelihoods of containing prohibited content, until finally it does in fact load in the browser.

2. There are a number of sights which can allow users to bypass the content filters, e.g., https://www.megaproxy.com. Is there a way to prohibit users from using such sights. Putting megaproxy in the ban list does not prevent users from going to that sight since it begins with https://.

3. I'm having trouble getting the hosts file to work under the DNS/WINS Resolver configuration. I was thinking this might be a good way to ban a number of sights more easily than adding them to PureSight's or WWW Proxy Server's or System Policy's ban lists. I have all clients set up as assumed users based on IP address. No clients are using the Wingate client. Everyone connects via NAT. DHCP is disabled. All clients have fixed IP addresses. Is there something I need to do to get the hosts file to work?

Thank you for your assistance.

Greg
ggiebler
 
Posts: 8
Joined: Sep 22 05 4:33 pm

Postby Randy Baker » Nov 17 07 5:29 pm

I am evaluating WinGate with the PureSight web filter. Tonight I discovered that some forbidden web pages originally blocked by PureSight can sometimes become allowed if you refresh your browser, or just return to the same link later. Checking into this, I found this topic and that it has not yet had any responses.

I have tested this behaviour at varying certainty levels between 45% and 60%. This behaviour can be easily duplicated. At 45% certainty, one site I was eventually allowed to view included the following text warning on the screen. I verified the warning in the frame source text and not a graphic.

This site contains sexually explicit material and is intended solely for adults only!

This indicates to me there is a serious consistency issue with this products artificial intelligence. Any comments?
Randy Baker
 
Posts: 31
Joined: Nov 09 07 5:28 pm

Re: PureSight filtering questions

Postby ChrisH » Nov 18 07 3:27 am

ggiebler wrote:
2. There are a number of sights which can allow users to bypass the content filters, e.g., https://www.megaproxy.com. Is there a way to prohibit users from using such sights. Putting megaproxy in the ban list does not prevent users from going to that sight since it begins with https://.

Unfortunately there seem to be more and more of these proxy sites using SSL. IMHO the only way to prevent end users from using them is to use the BAN List features of the WWW Proxy service and ban the sites from there. You could use either the Server IP or domain name to ban them. But it does mean constantly updating your list as new proxy sites come on line.
ggiebler wrote:3. I'm having trouble getting the hosts file to work under the DNS/WINS Resolver configuration. I was thinking this might be a good way to ban a number of sights more easily than adding them to PureSight's or WWW Proxy Server's or System Policy's ban lists. I have all clients set up as assumed users based on IP address. No clients are using the Wingate client. Everyone connects via NAT. DHCP is disabled. All clients have fixed IP addresses. Is there something I need to do to get the hosts file to work?

If you have all client traffic going through the WG server WWW Proxy service (either by intercepting traffic or configure client browsers) you can edit the Hosts file on the WG server to do what you wish. IMHO though this is just another list, so why not use the list in WG WWW Proxy service? Ensure that in the DNS/WINS Resolver Configuration (in GateKeeper) the Lookup names in the system HOSTS file box is checked if you are going to try this approach.
Chris H.
ChrisH
WinGate Master
 
Posts: 388
Joined: Sep 13 03 1:38 am
Location: Canada

Re: PureSight filtering questions

Postby Fig » Nov 22 07 3:21 pm

ggiebler wrote:1. Some forbidden Web pages filtered by PureSight will load if you keep refreshing your browser. For example, I have the Sex filter in PureSight set to 10% certainty. Any lower than that, and it seems that too many legitimate sites get blocked. If I try to load playboy.com, it initially gets rejected by PureSight as having a very high likelihood of containing prohibited content (86%). Subsequent refreshings of the browser result in its being rejected, but with ever lower likelihoods of containing prohibited content, until finally it does in fact load in the browser.


Has anyone addressed this issue? It concerns me. I have verified that this is a problem, at least with the creation of policies and their being inforced. 5 refreshes (hitting F5) and I was able to get into something that had been blocked previously.
Fig
 
Posts: 3
Joined: Nov 22 07 3:13 pm

Postby adrien » Nov 22 07 9:40 pm

Hi

We'll have to look into this further, thanks for raising it again.

PureSight 2 has a list of sites that are pre-classified, and I'm surprised that the sites mentioned aren't on the list, which should therefore provide a consistent rejection.

Or are you getting percentages reported back?

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Postby Fig » Nov 28 07 4:31 am

adrien wrote:Hi

We'll have to look into this further, thanks for raising it again.

PureSight 2 has a list of sites that are pre-classified, and I'm surprised that the sites mentioned aren't on the list, which should therefore provide a consistent rejection.

Or are you getting percentages reported back?

Regards

Adrien


This seemed to happen when in the default state of 65% filtering for pornography. I set a policy to filter out a word, and then googled that word. When I went to the website of the first result of the google search, I was blocked, however, hitting F5 3-4 times let me into the website.
Fig
 
Posts: 3
Joined: Nov 22 07 3:13 pm

Postby pgrant » Dec 07 07 4:19 am

Hi

We have a problem with proxies being used to bypass puresight and to get around this we maualy define them as we discover them being used. Why are proxies not something that is blocked by puresight as they can be used to bypass puresight and reduce its effectivness?

Many thanks

Philip Grant
pgrant
 
Posts: 5
Joined: Dec 07 07 3:37 am


Return to PureSight for WinGate

Who is online

Users browsing this forum: No registered users and 3 guests

cron