Hi,
I'm using Wingate 6.1.1 (build 1077) with a system policy for "Everyone" that restrict web access with a ban list. I have this problem. I'd like to ban all site that contain word "AAA" but I'd like to grant the access if the site is "AAA-BBB". How could I do this ?
Ban List
Moderator: Qbik Staff
8 posts
• Page 1 of 1
by ChrisH » Feb 05 06 5:07 am
Hello,
I would suggest that you not use the Ban list Tab in System Policies to restrict sites in this way. Rather, use the Advanced Tab to enter what you want. In your case I would disable the ban list and enable the Specify which requests this recipient has rights for under the Advanced Tab settings and then click Add Filter then Add Criterion and add the following parameters; click on This criterion is met if scroll down in the first drop down box to Server name, second drop down box to contains and in last box enter AAA-BBB. Then press OK. Then add a second filter and criterion but select This criterion is NOT met if and then create Server name contains AAA. Then OK out and save configuration. This should now work for you. Let us know if you need more assistance
I would suggest that you not use the Ban list Tab in System Policies to restrict sites in this way. Rather, use the Advanced Tab to enter what you want. In your case I would disable the ban list and enable the Specify which requests this recipient has rights for under the Advanced Tab settings and then click Add Filter then Add Criterion and add the following parameters; click on This criterion is met if scroll down in the first drop down box to Server name, second drop down box to contains and in last box enter AAA-BBB. Then press OK. Then add a second filter and criterion but select This criterion is NOT met if and then create Server name contains AAA. Then OK out and save configuration. This should now work for you. Let us know if you need more assistance
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
by giuliano » Feb 06 06 8:09 pm
I have tryed your suggestion and it works if I apply it to "Everyone". I'd like to apply this policy to a subset of users, so I created a new group and I added the users (assumed by IP address) to that group.
Now I have Everyone "policy" that grants rights for everything and a policy for the new group created as you suggested me.
The result is that AAA and AAA-BBB are still accessable.
Have I to delete the "everyone" policy ?
Now I have Everyone "policy" that grants rights for everything and a policy for the new group created as you suggested me.
The result is that AAA and AAA-BBB are still accessable.
Have I to delete the "everyone" policy ?
- giuliano
- Posts: 33
- Joined: Oct 12 05 7:20 pm
by ChrisH » Feb 07 06 7:02 am
The reason the subgroup is still connecting to other sites is that they are part of the Everyone group by default and thus the criteria (which is no restriction) applies to them as well. Probably the easiest way to apply the restrictions you want is to effectively ban this new group from the Everyone group. To do this add a policy for Everyone group again in the Advanced Tab such that the Filter reads This criterion is NOT met if User is a member of XYZ, where XYZ is the name of the restricted group. Try that and let us know if that works.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
by giuliano » Feb 08 06 5:45 am
I tryed to remove "Everyone" from system policies in order to have only my "Restricted group" but I got a "connection with wingate server terminated" when I try to log on. Have I to keep this group always ? So I must apply all my filter at "Everyone" and create new groups (for example if I don't want that a user is filtered ?)
- giuliano
- Posts: 33
- Joined: Oct 12 05 7:20 pm
by ChrisH » Feb 08 06 12:19 pm
OK .Yes you shouldn't remove Everyone from System policies unless you have another way of logging into Gatekeeper as an administrator. And it will be impossible to log back into Gatekeeper until you make a registry change. See this post on how to do that.
Let's back up a little. As you found out System policies can have an adverse effect on the ability to control WG if they are modified incorrectly. I feel that you would be better suited to apply these policies in one of the other WG services such as ENS (NAT) or WWW proxy. How are your client computers connecting through WG to the internet - by NAT, direct proxy or Transparent Proxy?
Once you get back into GateKeeper you could add the group policy to the appropriate service and ignore the system policy for that service. This way Everyone can still connect to WG and utilise its' services but the sub group will be restricted in their browsing.
Let's back up a little. As you found out System policies can have an adverse effect on the ability to control WG if they are modified incorrectly. I feel that you would be better suited to apply these policies in one of the other WG services such as ENS (NAT) or WWW proxy. How are your client computers connecting through WG to the internet - by NAT, direct proxy or Transparent Proxy?
Once you get back into GateKeeper you could add the group policy to the appropriate service and ignore the system policy for that service. This way Everyone can still connect to WG and utilise its' services but the sub group will be restricted in their browsing.
Chris H.
- ChrisH
- WinGate Master
- Posts: 388
- Joined: Sep 13 03 1:38 am
- Location: Canada
8 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 5 guests