Results 1 to 10 of 10
  1. #1
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,178

    Default Adding Client/Server Country?

    Would it be possible to add Client and Server country option to Threat Prevention rules?
    SanC.PNG

    Currently we are having issues where "Suspicious" traffic is being blocked as "High Risk" (Support dose not know why)
    And if I could whitelist ex Sweden/Finland/Denmark we could live with and keep Threat Prevention.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,294

    Default

    I would add this to https://feedback.untangle.com/
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    169

    Default

    Yeah this is good request. If you start it i will follow @WebFooL

  4. #4

  5. #5
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    169

    Default

    Quote Originally Posted by WebFooL View Post
    I am waiting to pass moderation as a request.
    wbennett77 likes this.

  6. #6
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,400

    Default

    If it gets over 1000 votes they might think about it. LOL

  7. #7
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,178

    Default

    This is growing in to a real issue for me so I might have to start poking in to the code or just drop the app..
    Still categorizing Sus IP's as "High risk" and nobody cares..

  8. #8
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    169

    Default

    Still waiting moderation

    I haven't said it when you first posted your request but this is my main problem also with threat prevention. Basically in the company i have also a web server that pass throw untangle and in the life of me it blocks almost 70% of the users that are try to connect (mainly i have a forum in the server and a tracker site). Most of this users are VDSL with rolling ip in their homes so most of the times their IP's are categorised as high risk and thus untangle blocks them.

    As a result i have the bar in the threat management to None and in rules i have created this rule and works so far with less security but i dont have any other way to use thread prevention.

    ThreadPreventionRules.jpg
    dwasserman likes this.

  9. #9
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,351

    Default

    Great!!, tomorrow i will try it. You dont have more false positives?
    The world is divided into 10 kinds of people, who know binary and those not

  10. #10
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    169

    Default

    Quote Originally Posted by dwasserman View Post
    Great!!, tomorrow i will try it. You dont have more false positives?
    Nope, basically i got rid of the unknown that was catched as positive which was the problem in the 1st place.

    Someone more knowledgeable can chime in... maybe what i do is a mistake but i see in thread prevention that blocking the above things that i blocked to be blocked in reports.

    Threat Prevention scanned 69922 web sessions of which 700 were blocked.
    Threat Prevention scanned 430254 non-web sessions and flagged 51583 sessions of which 3501 were blocked.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2