Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18
  1. #11
    Master Untangler Kyawa's Avatar
    Join Date
    Dec 2016
    Location
    Maryland
    Posts
    446

    Default

    I drove, and still drive people, nuts around here as well. There is a fantastic group of people here that are very helpful. I couldn't use Untangle without these folks.

  2. #12
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    898

    Default

    Quote Originally Posted by buggs1a View Post
    Now. Why? It should load first. Not what actually happened.

    This is what I mean about patience and being in over my head. Ugh.
    First, let me say that I rarely use Alphabet/Google products so I can't directly compare experiences. If absolutely necessary I have installed Chromium, but I don't really have the patience to go through the privacy settings if the payoff is low.

    Second, you're claiming to know very little but still deciding what should or should not be happening. I'm not sure how you can know what should or should not be happening, and I can't help with patience.

    That said, let's see if we can see what's happening in the case of playboy.com. Firefox immediately says this:
    Firefox detected a potential security threat and did not continue to playboy.com [emphasis mine].
    Notice that Firefox gets between me and playboy.com. Untangle never even sees the request, so how can any Untangle app respond?

    What am I learning? I have SSL Inspector installed so that means I've installed Untangle's certificate into Firefox. When Firefox says the reason it intervened in my request to playboy.com is
    Error code: SSL_ERROR_BAD_CERT_DOMAIN
    I start to think, I bet that if I view the certificate I'll see the Untangle certificate. And sure enough, that's the certificate Firefox doesn't like when interacting with playboy.com.

    I tell Firefox that's fine, I'll take the risk, please send my request to playboy.com. Which means sending it through Untangle. For the very first time Untangle sees my request and responds properly.

    So to me, in the case of playboy.com this is exactly the sort of behavior I would expect given the certificate problem.
    Last edited by Sam Graf; 12-27-2019 at 07:39 AM.
    Kyawa likes this.

  3. #13
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    898

    Default

    Now, let's see what else we can learn. If I grab an iOS device and, using Safari, I try playboy.com, I immediately hit the Untangle block page. There is no certificate error.

    Without knowing why, I learn that Firefox and iOS Safari, or perhaps iOS itself, handle the certificate process differently. That's not entirely unexpected if I remember that I explicitly told iOS to absolutely trust the Untangle certificate.

  4. #14
    Master Untangler
    Join Date
    Jan 2008
    Posts
    245

    Default

    I donít know what should happen but itís just what I think based on the info I have at hand that I have seen.
    Example. In web filter the category for image and video search. The info says to me that image and video searches for search engines will be blocked. To me this is common sense based on what it says for that category. But this blocking isnít happening.

    Ok. So if the lack of blocking is from something to do with certificate then Iím confused. Because when I tried a tplink archer ac4000 it blocked correctly on mobile. Itís block page loaded on the sites I test.

    I donít know anything about what you mentioned Sam. I donít know anything about certificates. Sorry.

    Ok. Hereís one thing about getting the site not secure message from playboy. This doesnít happen when web filter or any filter is off. So I donít see how it has anything to do with untangle or other filters not seeing the traffic first. Because the only way to get that site not secure is with filtering on.

    But right now Iím just asking questions. I think web filter is doing ok mostly. Except for the free stream site I mentioned and getting improper images and videos load when searching.
    Last edited by buggs1a; 12-27-2019 at 09:04 AM.

  5. #15
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    898

    Default

    Quote Originally Posted by buggs1a View Post
    I don’t know what should happen but it’s just what I think based on the info I have at hand that I have seen.
    Example. In web filter the category for image and video search. The info says to me that image and video searches for search engines will be blocked. To me this is common sense based on what it says for that category. But this blocking isn’t happening.

    Ok. So if the lack of blocking is from something to do with certificate then I’m confused. Because when I tried a tplink archer ac4000 it blocked correctly on mobile. It’s block page loaded on the sites I test.

    Again, I can only investigate with what I have and what I know. Firefox says it objects to the discrepancy between playboy.com and untangle.com domains for security purposes. I don't interpret that as a lack of blocking on Untangle's part. Clearly iOS handles things differently at the certificate level and goes right to the Untangle block page.

    I suspect I've oversimplified things by saying Untangle doesn't see the request at all, but whatever it does see comes before the actual web page request can hit and be processed by Web Filter. How do I know? Because Firefox says so. Because iOS doesn't do what Firefox does by handling certificates differently. In both cases we hit the block page when the HTTPS request gets to Web Filter.

    So we're chasing the certificate handling process around and I'm not sure why. It clearly doesn't imply lack of blocking.

    I'm not sure about search engines. I have "Enforce safe search on popular search engines" enabled and never have had a problem, but I've read here from time to time that when Google changes the API, things break. As far as i know, currently nothing is broken so it should work as expected.

    But keep in mind that the third party filtering engine Untangle uses is a reputation=based filter, not a content filter. So if I search "sexual intercourse" (using DuckDuckGo) down in the list of search results is a Shutterstock return on images under its sexual-intercourse category. These are not explicit and clearly the Shutterstock search page doesn't have a bad reputation, but the results may still be deemed objectionable. So the next step would be to see if Untangle can help me with that sort of problem.

  6. #16
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,038

    Default

    Probably just browser caching now, given the description.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #17
    Master Untangler
    Join Date
    Jan 2008
    Posts
    245

    Default

    I want to thank all of you so much.
    I dont have the device now. I didn't want to mess with it and with what I'm trying to do personally I couldn't keep it.

    I am thinking now that there's nothing out there that will work for me. Probably better I just give up my modem and smartphones then.

    Truly thank you all.

  8. #18
    Master Untangler Sam Graf's Avatar
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    898

    Default

    You're welcome. Sorry we couldn't be better help. The best to you.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2