Page 1 of 2 12 LastLast
Results 1 to 10 of 19
  1. #1
    Untangler
    Join Date
    Mar 2015
    Posts
    78

    Default Block all Website Except GMAIL

    Hello there.

    I would like to ask for your assistance regarding my problem.

    My boss asked me to block all internet access except for gmail. I already blocked all categories under web filter and added gmail.com, mail.google.com and accounts.google.com under pass sites but I still can't access gmail.

    Upon trial and error, I added google.com under pass sites and it worked so I'll leave it that way.

    My question is how to block google search? I would like to block all searches that will happen under google.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Are you using HTTPS Inspector? The approach to take is going to greatly depend on that.
    If you are not, you'll likely just need to allow all of google. Without it you'll only be able to see that its an SSL connection to some google service and your choice will either be to allow it or block it. You won't be able to see the content in the session.


    I would remove google.com from the pass list.

    Then test and see what happens when you go to gmail. What does "can't access" mean? You get an error message? You see a block page? The page partially renders? You will need to look at the events in reports to figure out what resources are being blocked that gmail requires and pass those.
    If you pass all of google then search will work.

    Yes, You can try to allow google but block search, but I would try the other way first.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Mar 2015
    Posts
    78

    Default

    Quote Originally Posted by dmorris View Post
    Are you using HTTPS Inspector? The approach to take is going to greatly depend on that.
    If you are not, you'll likely just need to allow all of google. Without it you'll only be able to see that its an SSL connection to some google service and your choice will either be to allow it or block it. You won't be able to see the content in the session.


    I would remove google.com from the pass list.

    Then test and see what happens when you go to gmail. What does "can't access" mean? You get an error message? You see a block page? The page partially renders? You will need to look at the events in reports to figure out what resources are being blocked that gmail requires and pass those.
    If you pass all of google then search will work.

    Yes, You can try to allow google but block search, but I would try the other way first.
    I enabled HTTPS Inspector, then enable restrict google applications under web filter. By the way, I have separate policy manager for this group only.

    Here is the screenshot of can't access gmail

    gmail_no_access.JPG

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,665

    Default

    The Untangle root certificate must be loaded on the PCs behind the Untangle to use HTTPS inspector.

    http://wiki.untangle.com/index.php/H...#Configuration
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    I was just asking if you were using HTTPS Inspector, not suggesting you install it.

    If you want to install it, thats fine, but I would do some reading first to understand the implications.
    Doing full SSL inspection is powerful but the maintenance is high.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Untangler
    Join Date
    Mar 2015
    Posts
    78

    Default

    Quote Originally Posted by dmorris View Post
    I was just asking if you were using HTTPS Inspector, not suggesting you install it.

    If you want to install it, thats fine, but I would do some reading first to understand the implications.
    Doing full SSL inspection is powerful but the maintenance is high.
    I'll just uninstall it then since I don't have enough knowledge using it.

    Can I ask how to block google search instead?

  7. #7
    Untangler
    Join Date
    Mar 2015
    Posts
    78

    Default

    I also follow this thread http://forums.untangle.com/web-filte...il-images.html but it is not working. I also need this one for another policy.

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    1) just add 'google.com' to the block list (or if you've already blocked everything then don't bother with this)
    2) then add 'gmail.com' and 'mail.google.com' to the passlist.
    3) look at events in reports and repeat #2 as necessary, you will find other sites you need to add to the passlist. like gstatic.com, googleusercontent.com etc.


    * Also you'll need to block UDP port 443 if you are using chrome because chrome uses QUIC now.
    Last edited by dmorris; 12-04-2015 at 08:51 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangler
    Join Date
    Mar 2015
    Posts
    78

    Default

    Quote Originally Posted by dmorris View Post
    1) just add 'google.com' to the block list (or if you've already blocked everything then don't bother with this)
    2) then add 'gmail.com' and 'mail.google.com' to the passlist.
    3) look at events in reports and repeat #2 as necessary, you will find other sites you need to add to the passlist. like gstatic.com, googleusercontent.com etc.


    * Also you'll need to block UDP port 443 if you are using chrome because chrome uses QUIC now.

    Sorry for late reply.

    Here's my problem right now after blocking google.com

    mail.google.com and google.com/mail is working fine but gmail.com is not. Here is the screenshot of not allowed gmail

    Capture.JPG

    Another question is that I would like to disable admin page on other users. I would like only myself to access it.

    I tried disabling "Allow http on non-wans" to prevent other users to visit our untangle admin page but I that is not a good idea because I can't see untangle blocked page when I visit blocked websites.

  10. #10
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    you'll have to look at the events in reports.
    If you are trying to do so without looking at the events, you will fail.

    its trying to show you the block page. if you click through the warning it will display.

    Re: input filter rules... Indeed.
    http://wiki.untangle.com/index.php/F...t_Filter_Rules
    I would not mess with your input filter rules. It has nothing to do with any of this.
    Last edited by dmorris; 12-15-2015 at 11:44 PM.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2