gmail blocking with Web Filter

**Big D** · 04-09-2012, 01:15 PM

v.9.2.0
Web filter
Premium Package
tested from clients site and locally

A client was concerned about gmail so I had them get the premium pack. I get it set up last week and they are reviewing it this week and they found a way into gmail.

google.com > sign in > https://accounts.google.com/ServiceL...ww.google.com/ > log in > click gmail off main google.com page > https://mail.google.com/mail/?tab=wm#inbox > my inbox, hmmm

Now I could go to the firewall and tell it to block the 5 IP addresses that resolve for that mail.google.com or gmail.com. That will work for maybe a week if I am lucky; my luck sucks.

I tried to block the accounts.google.com (google login page) and the mail.google.com/mail and a couple other variants of the url but no luck. I guess it is because the connection is initiated from the allowed site of google.com that it makes it past the web filter, beats me.

**dmorris** · 04-09-2012, 01:30 PM

http://wiki.untangle.com/index.php/W..._block_list.3F

I'd just block GMAIL in Application Control, probably easier.
If you really want to use Web Filter, you'll need to block the "Web Mail' category to block SSL sites.
If you block gmail.com in *might* work if the clients' browsers are nice and decide to use SNI.

**Big D** · 04-09-2012, 01:42 PM

Oh I left of the category screenshot. The web email category is checked on in Web Filter. I tested using the application control to block gmail and I still could get in using the above process.

I don't really care what blocks it, as long as it is blocked.

**jcoffin** · 04-09-2012, 03:59 PM

I've successfully blocked it by
1. Application Control -> settings -> applications -> GMAIL checked tarpit (tarpit is a 9.2.1 feature. Block might work as well.)
2. Create a rule; Application Control -> settings -> rules -> add

a. enabled checked
b. Description: block /IP/TCP/SSL/GOOGLE
c. Add condition Application Control: ProtoChain is /IP/TCP/SSL/GOOGLE
d. Action: Tarpit

**Big D** · 04-11-2012, 12:06 PM

With that rule on it appears the initial attempt is stopped but repeated attempts do get through. I tried with the action on block as well.

**Big D** · 04-12-2012, 09:00 AM

I guess I can fudge DNS and block outbound DNS traffic not originating from the Domain controller. That might work.

Protect

Filter

Perform

Connect

Manage

Add-Ons

Thread: gmail blocking with Web Filter

LinkBack

Thread Tools

gmail blocking with Web Filter

Posting Permissions