Results 1 to 5 of 5
  1. #1
    Master Untangler
    Join Date
    Jan 2011
    Posts
    110

    Default Firefox https being passed through filters

    Hello, I am having an issue where the web filters are correctly identifying and logging sites (aka facebook) as flagged, blocked, TRUE...... but it is still allowing https://facebook.com

    edit: I thought it was just Firefox having issues but I can bypass with other browsers as well by searching in google for https://facebook.com/login.php

    Any suggestions for me to look at?
    Last edited by bluesky; 01-29-2013 at 11:01 AM.

  2. #2
    Master Untangler
    Join Date
    Jan 2011
    Posts
    110

    Default

    I will put this in web filter thread as it may be more relevant to discuss there.

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    The event log and/or session viewer will show you exactly whats going on.

    Here is how it works: http://wiki.untangle.com/index.php/W...#HTTPS_Details
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Master Untangler
    Join Date
    Jan 2011
    Posts
    110

    Default facebook https bypassed in web filter

    Hello, I am having an issue blocking facebook using web filter (paid), also trying to do it with along with Application Control.

    In webfilter, I have checkmarks for Categorize by IP and Categorize SNI. I also have checkmarked Block IP only hosts.
    I obviously have Social Networking blocked in webfilter.

    When I go to www.facebook.com it is blocked
    When I go to https://facebook.com it will time out.
    When I go to https://facebook.com/login.php it will time out.
    However, if I do a google search for https facebook login, and click on https://facebook.com/login.php, then it will load facebook and be useable from that point forward.

    In the https event log, it is correctly identifying the social networking as blocked TRUE..... however it is allowing urls such as https://216.168.105.87 as MISC. These point to nowhere, but obviously have something to do.

    This problem started happening about a month ago, however it did not become a "widely known" exploit until recently when I discovered how it was being bypassed.

    We are running the latest Untangle distro.

    Any ideas?

  5. #5
    Master Untangler
    Join Date
    Jan 2011
    Posts
    110

    Default

    Quote Originally Posted by dmorris View Post
    The event log and/or session viewer will show you exactly whats going on.

    Here is how it works: http://wiki.untangle.com/index.php/W...#HTTPS_Details
    Thanks, I think I have found the culprit..... I was doing some reading in another post regarding OpenDNS, and it got me to thinking about our Primary DNS settings.

    Sure enough, the Primary DNS had reverted back to the default ISP provider, which seems to have issues reporting certain traffic. I manually switched it over to Google DNS, and problem appears solved.

    Maybe this post will help somebody else later on which this issue to check/change their Primary DNS settings.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2