I was at one of my site I admin the other day and something I thought was rather odd. I had one guy ask me to unblock a site. I looked over and sure enough - he couldn't get to the site and it gave him the typical web blocker page. The guy next to him said, "Have you tried getting to it through Google?" and proceeded to show how he was doing it. It wasn't any crazy hack either. He merely made a search, saw the site listed on Google and clicked on it. It opened just fine. I didn't have him test a boat load of sites but he seemed to think he could get to most sites he wanted to get to. I tested this a while back when I thought people would just go behind my back and try to use a proxy server in their browser. I did a search, on Google, for public proxies and started clicking. I clicked on every link on the first three pages and got the blocker page thrown at me. I figured the average person wouldn't try much more than that so I let it go and figured I was golden! :cool:

I have 2 racks set up - one for MANAGERS and one for the GRUNTS. This guy wasn't using a static IP like the rest of the managers use. How was he getting to these sites? Again, I didn't start rattling off sites for him to test for me as those I've tested were crude and I know I didn't want them flashing up on the screen as a customer went by. Nonetheless, I don't want to block Google and other search engines so how can I stop this.

12-06-07
0856 EST
Rob @ HomeNet

I know we have a porn block in place, so I tried doing the Google method for Playboy, Penthouse and Hustler web sites, and they are blocked. I guess I need more info.....

If google give you results backs like ... playboy1.com, etc... of course the web blocker is not going to do anything.

An easier one is to find the ip address of the site and go straight to it.

I know we have a porn block in place, so I tried doing the Google method for Playboy, Penthouse and Hustler web sites, and they are blocked. I guess I need more info.....

One of the sites was tirerack.com.

They are a car dealership and their parts guys need to get things now and then. They use Google to find odd-ball items. Some sites are blocked and some are not.

12-06-07
0955 EST
Rob @ HomeNet

I don't mean the user...I mean the sites they are able to get to.

Are you sure the guy didn't click on the Google cache link to view a cached version of the page? I don't know too much about how Google cached links work, but I assume they are cached on Google's own servers, and therefore wouldn't be caught by the normal content filters?

Yeah, I think that they were clicking on the cached pages...not the actual links...Which means that google only stores a portion of the page, that gets updated automatically periodically.
For example,I blocked sports, tried espn no luck. Google search. Espn link, no luck. But the cached version passed through, but once you click on a link on the page it's not cached and doesn't get through....

Yeah, I think that they were clicking on the cached pages...not the actual links...Which means that google only stores a portion of the page, that gets updated automatically periodically.
For example,I blocked sports, tried espn no luck. Google search. Espn link, no luck. But the cached version passed through, but once you click on a link on the page it's not cached and doesn't get through....

Yeah, I only saw it once and am not on site to test further. However, Im pretty sure I saw him click on a real link...not a cached link. Perhaps the page is still cached on his machine? Like I said, I did the thing where I searched for proxies and I couldn't get through so maybe it was cached or maybe it was a fluke. I worry about the caching thing though as the new firewall has been in place for a couple months. If cached pages are still being served after not having true access to them for a month or better, we could have problems as far as the people getting good info for their customers. I'll keep an eye on things for now... Other than using a proxy, are there any other ways for the average person to get around the blockers? The "average person" would be one who can read Google-searches for How-To articles.

12-06-07
1719 EST
Rob @ HomeNet

Caches don't last that long. As far as getting around the blockers, ask any kid with a computer at home. They're always smarter than their parents, even if they don't say as much.

Caches don't last that long. As far as getting around the blockers, ask any kid with a computer at home. They're always smarter than their parents, even if they don't say as much.

I know it's kinda off-target but I'm with you on the kid thing. I already have plans of keeping my kids off the web after a certain hour of the evening. There'll be some serious policies on that Untangle box!

I don't claim to know how to write regular expressions, but... just playing with this. It has worked so far. Simply creating a new Protocol Control rule with only q=cache as the signature blocks google cache. Now I'm sure there is probably a better way to create a signature for this but try it on a nonproduction network first.

Did you mean under web filter URL list rather then protocol control, my whole network stopped when I added that rule to protocol control. :)
I figure you meant under web filter, but it doesn't look like that is working with the wild card stuff.....
What I found was that they are using it seems to be the same IP address for the cached sites, which makes sense, probably a huge server farm. And it comes up with an IP instead of a domain, so I put the IP in the web filter and it seems to stop it all so far.........

No. I meant Protocol Control. with q=cache as a protocol control signature I have been able to do everything else online. I am posting this message with it enabled. I figured that adding an IP address that you would not consistently get the same IP address every time. Now if you knew all the addresses they use for caching servers then I think it would work.

Try the Protocol control again and let me know if it kills your connection.

That is a q as in Queen. Or just copy and paste it.

I did it in the protocol not the signature part:rolleyes: ...........that works though, yeah for sure, good save. Probably a better thing then the IP, although from what I can tell so far, google uses the same IP so far on it.........but still, this is pretty slick:)

Well it's probably not the best solution in the world, but it works. You don't get the purdy web content block page though.

Surely google has more than one IP handling the cache content. Maybe not though.

Well it's probably not the best solution in the world, but it works. You don't get the purdy web content block page though.

Surely google has more than one IP handling the cache content. Maybe not though.



I did so but does not work! You have suggestions
Protocol List |protocol |block |log|description |signature
Chat Google |google cache |ok |x |google chat| q=cache

thanks

This wasn't meant to block Google Chat... only google cache

Sorry I did confusion!
Gmail to block chat you have some ideas?

If you mean to block google talk, they are using Jabber protocol. You can try protocol blocker module to stop that one.

Sorry I did confusion!
Gmail to block chat you have some ideas?

I blocked.
But does not block chat gmail

I blocked.
But does not block chat gmail

Having not tried this yet, I can't say for sure. However, I'm having similar problems blocking certain things like Limewire and whatnot. Even though you have it set to block in the protocol list, some things still get through. My guess is that many of the software designers are expecting to be blocked by folks like us. SSL is a common way of getting around blockers like Untangle & Sonicwall.

04-10-08
0813 EDT
Rob @ HomeNet

The only other setting we came across was under "Web Filter" - you need to block and log anonymous surfing. Hope this helps.