Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 31
  1. #21
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    650

    Default

    There is documentation. This is linked to from the wiki’s Web Filter article.

    https://wiki.untangle.com/index.php/URL_Matcher

    And the Web Filter article.

    https://wiki.untangle.com/index.php/Web_Filter

  2. #22
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    650

    Default

    Quote Originally Posted by dbh1 View Post
    I would prefer to be able to at least put in some part of an ip address to make it more difficult for a black hat that reads these message boards to craft their attack using this string.
    Since I use Web Filter to block IP-only URLs Id have to craft a pass rule that allows IPs Amazon uses and could forget about the stuff at the end. Maybe thatd work for you.

  3. #23
    Newbie
    Join Date
    Feb 2015
    Posts
    9

    Default

    This didn't seem to work: *kindle-wifi/wifistub.html

    I looked at https://wiki.untangle.com/index.php/URL_Matcher and followed it to https://wiki.untangle.com/index.php/Glob_Matcher. Based on my reading, that should have worked.

    Note that I am using web monitor, not web filter if that matters.

  4. #24
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    650

    Default

    Well crumb. All I have to work with is clicking the link in posts here, so I can only speak for the one time it did work.

    This is a mystery to me. I don't understand why this mis-categorization keeps popping up (it's not like Zvelo has a reputation for this kind of thing), and I don't understand why the pass list is failing to work as expected. And since I don't have any Amazon hardware except Kindles (and the Kindles are bypassed), I can't dig any deeper.

    As I understand it, Web Monitor is a subset of Web Filter, so to my knowledge this particular event should be handled identically by both, sans a block for Web Monitor.

  5. #25
    Newbie
    Join Date
    Feb 2015
    Posts
    9

    Default

    Ok, so I actually misunderstood how this works and I am thinking that others may too, so I think I fixed it.

    There is a default rule under settings->events that emails you when a fishing attempt is detected regardless if the flag is bypassed. After one of the earlier fixes, I was actually getting emails showing a false flag (originally it had a true flag) but didn't notice as I was still getting the notice and that doesn't seem like obvious behavior to me.

    Anyway, I unchecked the default event rule and added my own that only sends an alert when flagged. I hope this will result in my desired behavior:

    Annotation 2019-01-10 153410.jpg
    Screen Shot 2019-01-09 at 9.21.31 PM.png
    Last edited by dbh1; 01-10-2019 at 01:35 PM.

  6. #26
    Newbie
    Join Date
    Nov 2018
    Posts
    8

    Default

    I'm having this problem as well and I'm reading the replies about the wildcard not working. It's obvious there are a lot of IP addresses so you would have to make a lot of rules to allow it otherwise.

    What if you could come at it from the other direction.

    I see in the email: "hostname": "amazon-3870xxxxxx",

    I'm really new to Untangle and firewalls in general so the rules etc are a learning curve. Would it not be possible to exclude the associated hostname above from the rules and filtering? That would seem to keep so called offending URL's from causing issues. I do not believe any worrisome ports are open on the Amazon Fire so I do not see that it could present a risk to exempt it from filtering.

    Would that work?

  7. #27
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    650

    Default

    Quote Originally Posted by dbh1 View Post
    Ok, so I actually misunderstood how this works and I am thinking that others may too, so I think I fixed it.
    Good find. I didn't even think about that aspect of things. In normal Web Filter use there isn't this odd, nagging repetition of a false positive (at least not in my experience), so I didn't think to look closely at the event trigger process for this category. Oops.

    You make a good point about refining my quick and dirty wildcard rule to make it smarter. Since this seems to be an ongoing problem, please do share what you finally put in place.

  8. #28
    Newbie
    Join Date
    Nov 2018
    Posts
    8

    Default

    Quote Originally Posted by dbh1 View Post
    Ok, so I actually misunderstood how this works and I am thinking that others may too, so I think I fixed it.

    There is a default rule under settings->events that emails you when a fishing attempt is detected regardless if the flag is bypassed. After one of the earlier fixes, I was actually getting emails showing a false flag (originally it had a true flag) but didn't notice as I was still getting the notice and that doesn't seem like obvious behavior to me.

    Anyway, I unchecked the default event rule and added my own that only sends an alert when flagged. I hope this will result in my desired behavior:

    Annotation 2019-01-10 153410.jpg
    Screen Shot 2019-01-09 at 9.21.31 PM.png
    Can you guide a newbie how to get to "settings->events"? I'm looking but I can't find it. I'm on the screen like you are above with the rule like yours, but, I cannot find the settings screen above it.

  9. #29
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    650

    Default

    I think what you're looking for is Config > Events and the first tab, Alerts.

  10. #30
    Newbie
    Join Date
    Nov 2018
    Posts
    8

    Default

    I've made the changes above and I am still receiving alerts.

    I've selected "Save" after making each change.

    This should make the changes active, right?

    Do I need to reboot the server to make these changes work?

Page 3 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2