Hi,
Is it possible to somehow set an exception for a site that you don't want intercepted?
I have a client that needs to access a website that requires a login. It will only work if going direct with NAT. But the client also uses the KAV which requires all port 80 traffic to be redirected.
Any ideas?
Thanks!
Joan
PS.. from what I've seen the next release of WinGate will allow for this type of policy.. but how about with v6.2.2?
Specify Exceptions to Transparent Redirect?
Moderator: Qbik Staff
9 posts
• Page 1 of 1
Specify Exceptions to Transparent Redirect?
by ccsoftware » Jan 08 08 7:18 am
- ccsoftware
- Posts: 10
- Joined: Dec 06 07 9:31 am
by adrien » Jan 08 08 11:49 am
Hi Joan
WinGate 6.2.2 doesn't have per-destination control over intercepts, only based on destination port (i.e. the intercept port).
So it's not currently possible to do this.
we are working on much more flexible rules about when / what to intercept etc, tied in with source-routing. Basically will be able to choose an action, being
a) Forward packet unmodified (route or forward to specific gateway)
b) modify packet then forward (NAT and/or redirect)
c) block
d) intercept
based on parameters of the connection and IP / client, e.g. based on source IP, dest IP, port numbers, time of day, user etc.
This will allow you to specify explicitly what gets intercepted or what. For instance you could choose to intercept certain sites for certain users etc. Also be able to apply restrictions, e.g bandwidth restrictions on this basis.
due to the changes involved in all of this, we can't really put it into the 6.x development tree at the moment.
Cheers
Adrien
WinGate 6.2.2 doesn't have per-destination control over intercepts, only based on destination port (i.e. the intercept port).
So it's not currently possible to do this.
we are working on much more flexible rules about when / what to intercept etc, tied in with source-routing. Basically will be able to choose an action, being
a) Forward packet unmodified (route or forward to specific gateway)
b) modify packet then forward (NAT and/or redirect)
c) block
d) intercept
based on parameters of the connection and IP / client, e.g. based on source IP, dest IP, port numbers, time of day, user etc.
This will allow you to specify explicitly what gets intercepted or what. For instance you could choose to intercept certain sites for certain users etc. Also be able to apply restrictions, e.g bandwidth restrictions on this basis.
due to the changes involved in all of this, we can't really put it into the 6.x development tree at the moment.
Cheers
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by adrien » Jan 08 08 11:50 am
P.s. so auth isn't working to one site?
Does this site use NTLM do you know?
Normally Auth should work through WinGate (even intercepted) fine. If the customer is also requiring auth at the proxy, then it may help to set the client machine to connect to the proxy rather than be intercepted.
Adrien
Does this site use NTLM do you know?
Normally Auth should work through WinGate (even intercepted) fine. If the customer is also requiring auth at the proxy, then it may help to set the client machine to connect to the proxy rather than be intercepted.
Adrien
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
by ccsoftware » Jan 11 08 8:50 am
Hi Adrien,
They have no authentication requirements set.
I don't know whether the site uses NTLM or not. The browsers are set to "enable integrated windows authentication".
I tried setting the browser to go direct through the proxy but it still doesn't go.
Nothing pops out in the logs.. just shows server closing connection.
I think another factor that might be at work is the presence of the AV plugin. Although I did try disabling that and still no luck. But the reason I mention that is that I'm able to login from my own pc going through the proxy service.. but I don't have the av plugin on our setup.
Any further ideas?
If you like I can give you a test login for you to try at your end, just let me know and I'll send direct to you.
Thanks!
Warm Regards,
Joan
They have no authentication requirements set.
I don't know whether the site uses NTLM or not. The browsers are set to "enable integrated windows authentication".
I tried setting the browser to go direct through the proxy but it still doesn't go.
Nothing pops out in the logs.. just shows server closing connection.
I think another factor that might be at work is the presence of the AV plugin. Although I did try disabling that and still no luck. But the reason I mention that is that I'm able to login from my own pc going through the proxy service.. but I don't have the av plugin on our setup.
Any further ideas?
If you like I can give you a test login for you to try at your end, just let me know and I'll send direct to you.
Thanks!
Warm Regards,
Joan
- ccsoftware
- Posts: 10
- Joined: Dec 06 07 9:31 am
by adrien » Jan 17 08 10:27 am
Hi
Looks like you get a 100 Continue interim response to the POST command that is sent when you hit the login button, then nothing further.
I need to do a bit more digging, but could be a problem with 1XX message series processing in the proxy.
Looks like you get a 100 Continue interim response to the POST command that is sent when you hit the login button, then nothing further.
I need to do a bit more digging, but could be a problem with 1XX message series processing in the proxy.
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
Exception in banlist
by amolkuber » Apr 28 08 8:40 pm
Hi, I have users with banlist enabled .thebanlist contains 'HTTP URL CONTAINS JOBS' So whenever the user request any url which contains job/jobs is denied by wingate. Now i want only timesjob to be accesed for my users. but not other url which contains job/jobs.
- amolkuber
- Posts: 10
- Joined: Apr 21 08 8:17 pm
by logan » Apr 29 08 3:18 pm
Although I don't see how your question relates to the topic in this thread, you could simply make a new policy in the WWW Proxy that allows access to sites containing timesjob.
1. GateKeeper -> Services -> WWW Proxy Server -> Policies
2. Click Add
3. Goto the Advanced tab
4. Select Specify which requests this recipient has rights for
5. Click Add Filter
6. Click Add Criterion
7. Select
- This criterion is met if
- HTTP URL
- contains
- timesjob
8. Click OK, then Apply to finalise the change.
1. GateKeeper -> Services -> WWW Proxy Server -> Policies
2. Click Add
3. Goto the Advanced tab
4. Select Specify which requests this recipient has rights for
5. Click Add Filter
6. Click Add Criterion
7. Select
- This criterion is met if
- HTTP URL
- contains
- timesjob
8. Click OK, then Apply to finalise the change.
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
9 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 4 guests