forum.wfiltericf.com

Hello



Two questions:



1. When I attempt to access a blocked https site. Access to the site is blocked, however rather than getting the deny page on the user's browser, the user gets a problem loading the page (i.e. as if the Web site is down).



2. I understand that the current procedure to block https sites is to enter the individual URL's in the HTTPS black list. Would it be possible in future version of WFilter to have the Website Category Filtering to apply to both http and https URL's?



VW

I'm having a problem with the blocking of https sites.



While I am able to block facebook with the following: *.facebook.com*



I'm not able to block youtube



Would appreciate suggestions on how to troubleshoot.

Some additional info.



When I visit https://www.youtube.com which is not blocked



There is no entry in the 'Current Activities' on WFilter



The entry to block this site in the HTTPS Black list is: *.youtube.com*

VeeDub wrote: Hello



Two questions:



1. When I attempt to access a blocked https site. Access to the site is blocked, however rather than getting the deny page on the user's browser, the user gets a problem loading the page (i.e. as if the Web site is down).



2. I understand that the current procedure to block https sites is to enter the individual URL's in the HTTPS black list. Would it be possible in future version of WFilter to have the Website Category Filtering to apply to both http and https URL's?



VW

WFilter is not able to inject a denial page into a HTTPS section because HTTPS traffic is encrypted, so it just terminate the connections. So far we have no solution to display denial pages to https access yet.



Actually, the "website category filtering" policy is also applied to https websites in current version of WFilter. If you find any questions, please let me know.

gengw2000 wrote: [quote=VeeDub]Hello

Actually, the "website category filtering" policy is also applied to https websites in current version of WFilter. If you find any questions, please let me know.

I am observing the following:



http://www.youtube.com always blocked

http://www.facebook.com always blocked



https://www.youtube.com never blocked

https://www.facebook.com sometimes blocked

gengw2000 wrote:

WFilter is not able to inject a denial page into a HTTPS section because HTTPS traffic is encrypted, so it just terminate the connections. So far we have no solution to display denial pages to https access yet.

If you can establish that you need to block a https page, could you redirect the browser to the http denial page for the content in question?

VeeDub wrote: [quote=gengw2000]

WFilter is not able to inject a denial page into a HTTPS section because HTTPS traffic is encrypted, so it just terminate the connections. So far we have no solution to display denial pages to https access yet.

If you can establish that you need to block a https page, could you redirect the browser to the http denial page for the content in question?




Sorry, it's also can not be redirected.

gengw2000 wrote:

WFilter is not able to inject a denial page into a HTTPS section because HTTPS traffic is encrypted, so it just terminate the connections. So far we have no solution to display denial pages to https access yet.

Well Untangle are able to provide a denial page for both http and https traffic with their content filter, so it obviously is possible, but I'm afraid I can't help you with the 'how'.



But Untangle's reporting is nowhere near as good as WFilter.

We'll check. Thanks for your information.

VeeDub wrote: Some additional info.



When I visit https://www.youtube.com which is not blocked



There is no entry in the 'Current Activities' on WFilter



The entry to block this site in the HTTPS Black list is: *.youtube.com*

WFilter blocks https/tls websites by its certificate(common name). We noticed youtube websites are using google's SSL certificate "*.google.com"(youtube is a google company now.), so you need to add "*.google.com" into your https black list to block youtube. However, this will over block other google's sites, please wait for a few days for us to find a solution.