Results 1 to 8 of 8
  1. #1
    Newbie
    Join Date
    Sep 2008
    Location
    Cary, NC
    Posts
    12

    Default Override Web Filter

    On a PC-by-PC basis I'd like to be able override the Web Filter for X minutes triggered by...

    1. a password-protected override link / button on the block page

    - or -

    2. an external admin console which has the ability to communicate with the untangle server and enable / disable a static IP address in the Client Pass List

    From what I can tell the foundation is in place. All that's left is writing an enhancement to the Web Filter node to support Option 1 or writing an API which will enable intercommunication with external applications to support Option 2. Am posting here to solicit feedback on how to do this or at least get started?

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    13,004

    Default

    welcome!

    1) I think you'd need to program that into the block page itself. I'm not sure where this code lives, but the button to bypass already exists - it would just need to be password protected.

    2) You'd probably need to wait until 6.0 (has a different command-line interface than 5.4). After that you could just create an app which adds to the pass list by running the command line based on whatever criteria you like...

    If you attempt either I'd suggest jumping on the developer list at lists.untangle.com
    We would love to help...
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Sep 2008
    Location
    Cary, NC
    Posts
    12

    Default

    Quote Originally Posted by dmorris View Post
    1) I think you'd need to program that into the block page itself. I'm not sure where this code lives, but the button to bypass already exists - it would just need to be password protected.
    Where / how do you enable the bypass button? Is it in the General Settings tab...setting the quick-bypass to temporary? Am not behind my test server at the moment or would give this a try.

    TIA

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    13,004

    Default

    Quote Originally Posted by rgschultz View Post
    Where / how do you enable the bypass button? Is it in the General Settings tab...setting the quick-bypass to temporary? Am not behind my test server at the moment or would give this a try.

    TIA
    Yep, setting to temporarily adds a button that will allow all users being filter by that web filter to temporarily bypass for that site.

    the other setting allows it to be permanently passlisted.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Newbie
    Join Date
    Sep 2008
    Location
    Cary, NC
    Posts
    12

    Default

    dmorris -

    THANKS for the tip on the Command Line Interface (NUCLI)! Was able to do exactly what I want to do using the following command...

    /* NUCLI command:
    /* webfilter <TID> add passlist [item-type:url|client] item [pass:true|false] <description>
    /*
    /* Example: Disable filter for TID = 3 and IP = 192.168.1.100
    /*
    webfilter 3 add passlist client 192.168.1.100 true
    /*
    /* Example: Enable filter for TID = 3 and IP = 192.168.1.100
    /*
    webfilter 3 add passlist client 192.168.1.100 false
    This leads to another question. How can I...

    1. Open an authenticated terminal session with the untangle server from an external system
    2. Send a command to "enable/disable" the web filter as outlined above
    3. Close the terminal session

    TIA!

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Mateo, CA
    Posts
    13,004

    Default

    rgschultz,

    just fyi, NUCLI will change syntax in 6.1 i think

    I'd use ssh or a web app to do #1, 2, 3
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Newbie
    Join Date
    Sep 2008
    Location
    Cary, NC
    Posts
    12

    Default

    Hi dmorris -

    Tested the CLI over SSH and sucessfully enabled / disabled webfilter for specific IP. Since my goal is to communicate this command to the UT server from another workstation on the LAN I would like to do it by issuing one SSH command. Example...

    SSH root@192.168.1.5 "nucli; webfilter add passlist client 192.168.1.100 true; exit; exit"

    Problem with this is that SSH launches the first command, nucli, but then nucli takes over until its exited at which time SSH tries to execute the remaining commands which it obviously doesn't understand. With the goal of doing this in one pass does loadrules act as a nucli argument in which the designated file contains the webfilter command outlined above? For example...

    SSH root@192.168.1.5 "nucli loadrules webfilter unfilterpc1.txt"

    unfilterpc1.txt would contain a webfilter command such as...

    webfilter add passlist client 192.168.1.100 true

    TIA!

  8. #8
    Newbie
    Join Date
    Sep 2008
    Location
    Cary, NC
    Posts
    12

    Default

    Scratch that last post! Looked at the documentation closer and loadrules is after you've established a nucli session. So the question should be...

    Is there any way to call nucli with a sequence of commands you would like it to run?

    TIA!

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2