So a customer called me with a complaint about being blocked from legitimate sites, saying simply that a critical banking web site had been blocked. However, there are several ways that one is "blocked" from a web site: a simple issue of old web links or bookmarks, adware in your local computer, network congestion, an active block by your IPCop's URLFilter Addon, or OpenDNS blocking due to restricted content. Each of these gives an error message that is unique to its condition (with the exception of adware, it's meant to be misleading) - unfortuantely this person couldn't remember the content or color of the block message. I suggested they take a photo of the block message with their cell phone and text it to me the next time this happens. Windows does NOT make sending screenshots as easy as it should be.
So another person at the customers' site calls and says that there is no filtering on the system. Wow, two people from the same site with opposite problems? What a puzzle!
While I can't exactly figure out person 1's issue, person 2's issue was that the URLFilter just did not work. It had failed open - allowing access to everything that OpenDNS didn't block. The Advanced Proxy was still working as it was still dutifully logging web site visits - you'll know the AdvProxy has quit and it's just NAT if you have logging turned on but nothing is being logged.
I tried stopping and restarting the URLFilter, the AdvProxy, then the whole IPCop, but it still didn't work. I tried reinstalling the URLFilter over itself so as not to lose my settings and blacklists - no luck. I had to uninstall the URLFilter, reboot the IPCop, the reinstall the URLFilter to make it start working. I had copied all of the settings into textedit, so I was able to put everything right back into place with the exception of the blacklist.
An interesting note: removing and reinstalling the URLFilter component periodically may do some desireable housekeeping: it arranged my blocked sites categories alphabetically (they were a mess prior to that), it seemed to drop some categories that I didn't use anyway, and it seemed to improve the browsing speed.
1 comment:
Free Blacklists From "Shalla" Suck!
We specialize in serving intelligent network administrators high quality blacklists for effective, targeted inline web filtering leveraging Squid proxy. We are the worlds leading and ONLY publisher of blacklists tailored specifically for use with Squid Proxy Native ACL. We also publish the worlds LARGEST adult domain blacklist, as well, as the worlds first blasphemy blacklist. Our works are available in several alternative formats for compatibility with multiple other web filter platforms. There is a demand for a better blacklist. And with few alternatives available, we intend to fill that gap.
Squidblacklist.org Est. 2012. Owned and maintained by Benjamin E. Nichols & Co. It is an extension of the work I have been doing for years applying filters to my own networks with squid proxy and firewalls. Squidblacklist.org is platform whereby I hope to share the amalgamation of these works with the community, in the hopes that it will serve the greater good, helping to secure networks while providing a useful resource for individuals looking for a reasonable level of control of http traffic on their respective networks using a range of filtering solutions.
It would be our pleasure to serve you,
Signed,
Benjamin E. Nichols
http://www.squidblacklist.org
Post a Comment