Hi, I´m starting out with Wingate (v. 6.0.4). I´ve been successful in setting up ban lists but it´s too easy to get around them - just set the browser to connect directly. It´s obvious that there must be a way to block non-proxy/direct requests but it just doesn´t work.
Here´s what I have set up (under www proxy server):
- Server Requests: reject request
- Connection: Directly
- Policies:
--"User can access this service"
--"Recipient: Everyone; Rights: Restricted by request"
-Properties for recipient Everyone:
Under Advanced Tab: Filter 1->Is non-proxy request is FALSE *
* Here I´ve tried several configurations for non-proxy request in case I was confusing what is allowed/disallowed. I even found what I think is a Bug: when you edit the Is non-proxy request changing it either to TRUE or FALSE, a input box opens to the right and complains if you click OK without typing anything in it... but that´s another matter.
I thought of installing Zone Alarm and blocking everything except wingate from accessing port 80, but that shouldn´t be necessary.
Where am I going wrong?
TIA for any help!
Vinicius[/list]
Help with Blocking non-proxy requests
Moderator: Qbik Staff
4 posts
• Page 1 of 1
Help with Blocking non-proxy requests
by Viko » Oct 21 05 3:02 am
- Viko
- Posts: 2
- Joined: Oct 21 05 12:44 am
by adrien » Oct 21 05 10:13 am
Hi
the non-proxy request criteria is designed for if someone treats WinGate like a web server rather than a proxy.
If your LAN clients are getting around your policies by connecting directly, how are they connecting to the Internet? Is this NAT connections?
If so, you should be able to just intercept them (sessions tab in the WWW proxy), and enforce your policies there. I would remove the non-proxy requests policy though.
adrien
the non-proxy request criteria is designed for if someone treats WinGate like a web server rather than a proxy.
If your LAN clients are getting around your policies by connecting directly, how are they connecting to the Internet? Is this NAT connections?
If so, you should be able to just intercept them (sessions tab in the WWW proxy), and enforce your policies there. I would remove the non-proxy requests policy though.
adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by Viko » Oct 21 05 2:18 pm
Hi Adrien,
Thanks for taking your time to help me out.
Ok, so these are the things I did to make things work like I wanted:
1. Disabled NAT under Extended Networking (System Services)
2. Added port 80 under the Transparent Proxy (WWW proxy, Sessions Tab)
I haven´t had much time to test it better, but it seems that not doing BOTH the steps above didn´t have the effect I wanted. But then again, I´m just starting out.
Thanks again for the help!
Vinicius
Thanks for taking your time to help me out.
Ok, so these are the things I did to make things work like I wanted:
1. Disabled NAT under Extended Networking (System Services)
2. Added port 80 under the Transparent Proxy (WWW proxy, Sessions Tab)
I haven´t had much time to test it better, but it seems that not doing BOTH the steps above didn´t have the effect I wanted. But then again, I´m just starting out.
Thanks again for the help!
Vinicius
- Viko
- Posts: 2
- Joined: Oct 21 05 12:44 am
by Nev » Oct 21 05 8:19 pm
Hi,
One thing you can do is leave NAT and T/r enabled.
That way NAT traffic will be 'T/r or transparently redirected' to the proxy and your policies will apply to say ban a particular site, page or whatever is your choice in WWW proxy policies.
If so, users who chose 'direct connection' for their browser will be affected by the policy.
Hope this helps.
One thing you can do is leave NAT and T/r enabled.
That way NAT traffic will be 'T/r or transparently redirected' to the proxy and your policies will apply to say ban a particular site, page or whatever is your choice in WWW proxy policies.
If so, users who chose 'direct connection' for their browser will be affected by the policy.
Hope this helps.
--
Nev.
Nev.
- Nev
- WinGate Guru
- Posts: 861
- Joined: Sep 22 03 11:35 pm
- Location: Mudgee ~ NSW ~ Australia
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 5 guests