Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 35
  1. #21
    Newbie
    Join Date
    May 2020
    Posts
    4

    Default

    Quote Originally Posted by propellherhead333 View Post
    I think no home should be without Untangle and echo what the others have said. The best $50 / year you'll ever spend.

    For Ads, set yourself up a pihole server. It's free and I've yet to see anything work as good. It also has some blocking options as well via DNS queries. It runs on next to nothing. I have one on a raspberry pi and another in a debian container so I can reboot one or the other without affecting the network.
    Do you find adding a pihole blocks ads better than the adblocker feature of Untangle?

  2. #22
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,954

    Default

    Quote Originally Posted by thetx View Post
    Do you find adding a pihole blocks ads better than the adblocker feature of Untangle?
    Yes, PiHole is better than AdBlocker, but it's NOT better than the Web Advertisements category in Web Filter. It does however provide an easier interface to enable ads on specific things so they keep working. So choose your poison.
    thetx likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #23
    Untangler
    Join Date
    Sep 2019
    Location
    Canada
    Posts
    39

    Default

    Quote Originally Posted by thetx View Post
    Do you find adding a pihole blocks ads better than the adblocker feature of Untangle?
    Yes. But I still use adblocker and webfilter to supplement and block in different ways for different reasons. I have all the ad categories checked off in the untangle apps and today they blocked 25 ads. pi-hole blocked 7324 as of this post today. Disclaimer though, things may be getting blocked before they hit the untangle apps.

  4. #24
    Untanglit
    Join Date
    May 2020
    Posts
    25

    Default

    I had Untangle with Adblocker ON and SSL Inspection and sadly it did nothing to prevent Ads... - Think that the App needs an update or a cool way to add blocklists like in Pi-Hole

    Web-Content Filter is super nice and a great feature but highly relies on SSL-Inspection to work as intended - Tested with https://www.sophostest.com/ - Without SSL Inspection all of that goes thru... -.-

    Best regards
    Val.
    Armshouse likes this.

  5. #25
    Untangler
    Join Date
    Apr 2020
    Location
    United Kingdom
    Posts
    63

    Default

    Quote Originally Posted by Valvaris View Post
    Web-Content Filter is super nice and a great feature but highly relies on SSL-Inspection to work as intended - Tested with https://www.sophostest.com/ - Without SSL Inspection all of that goes thru... -.-.
    Funny... I just tried this site and sure enough, without SSL Inspector it all passes. However, I edited the URL to visit the non-https version on a category I do have blocked and Untangle didn't scream - the Sophos endpoint protection on my laptop did though... Maybe it's more as they say: This test site contains pages classified by SophosLabs for the purpose of testing our web security and control products. With the emphasis on our?

    Screenshot 2020-06-06 at 20.23.20.png
    Jim.Alles likes this.

  6. #26
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,044

    Default

    Quote Originally Posted by Valvaris View Post
    Web-Content Filter is super nice and a great feature but highly relies on SSL-Inspection to work as intended - Tested with https://www.sophostest.com/ - Without SSL Inspection all of that goes thru... -.-

    Best regards
    Val.
    Without doing any extensive testing, Web Filter does nothing with SSL Inspector enabled.

    I realize that I'm not on the same page as knowledgable members here, but if Web Filter depends on SSL Inspector to see domains in HTTPS traffic, then the SNI and certificate features of Web Filter are all but meaningless. Web Filter must know the TLD at least to convert it to a category and check it against the enabled filters. So again, if, as some here argue, Web Filter is blind to domains in HTTPS requests, then the SNI and certificate features contribute little, if anything.

    That said, testing against the Sophos test site doesn't establish things one way or another, since SSL Inspector makes no difference under the adult category, at least.

  7. #27
    Untanglit
    Join Date
    May 2020
    Posts
    25

    Default

    Hello @Sam Graf,

    I did multiple tests with Webfilter and SSL Inspection does not effect Webfilter "I think" is wrong. Maybe I am wrong as well but why do I have a different result then?! My DNS is Untangle and my DNS Traffic is going forcefully to it as well. Thanks to the Portforward rule from the community. The other part that can effect DNS Traffic is DoH that can go over Port 853!

    The reason is not only Adult Content but critical things like "Call Home" and multiple category's even the Eicar Test file had issues. I had better results with SSL Inspection on then without on multiple sites. I just referenced "Sophos Test Site" coz it is easy to reconstruct for all.

    @Armshouse that is true but Untangle does a great job blocking ^^ I only had issues with SSL Inspector off...

    Best regards
    Val.

  8. #28
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,044

    Default

    Quote Originally Posted by Valvaris View Post
    Maybe I am wrong as well but why do I have a different result then?!
    I think that’s an excellent question and point. We have a handful of views on how Web Filter works, or should work, we have inconsistent results as we do our individual tests, and it’s all very confusing.

    My own opinion is the community needs to figure out a way to rigorously test Web Filter with repeatable results among different users/system configurations. For instance, I’m not sure Web Filter relies on DNS. I think it relies on a plaintext version of the URL and then looks it up in its own resource. But do I know that for sure? I don’t.

    Lots of good questions here.
    Valvaris and thetx like this.

  9. #29
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,954

    Default

    Web Filter monitors TCP sessions that terminate on 80 or 443. It's really not that complicated. It gathers what information it can, and filters with it. SSL Inspector (if configured correctly) provides more information.

    That is all... There is no more, or no less to understand.

    I do not find the use of SSL Inspector as worth the effort. Web Filter still works even if the client does DNS over TLS, because it doesn't need nor care about the DNS request the client made. All it cares about, is the HTTP/HTTPs sessions the browser makes to access the resource in question.

    3rd party testing sites, such as the Sophos site linked here have a high frequency of building intentionally built to make the product they belong to look better than it actually is. And because the site is harmless, there's no reason for other vendors to mark said site as "malware" or whatever... so you can't use them to test against reliably.
    Last edited by sky-knight; 06-06-2020 at 03:55 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #30
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,044

    Default

    Quote Originally Posted by sky-knight View Post
    That is all... There is no more, or no less to understand.
    I’m not disagreeing with you, but the disparity in results, even among the testers in this topic, is yet to be understood, it seems to me.

Page 3 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2