Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 27 November 2024, 11:04:07 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Endian 2.3 and Content filtering
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Endian 2.3 and Content filtering  (Read 35999 times)
vyper_013
Jr. Member
*
Offline Offline

Posts: 6


« on: Thursday 29 October 2009, 09:35:11 am »

ARRRRGHHHHHH......

I am stuck....  I have gone through so many hoops and cannot get this to work.  I have created a new Content filter (Restricted (Content2)) and then a new Access rule and applied this content filter.... yet it doesn't do anything??  I have read the forums many times and hit the same articles.... I have a complete listing of blocking rules.... and have rebooted with many permutations.... still it doesn't block anything.

My setup is a single nic VM image, therfore it is mainly for proxying and caching and not firewalling.   

Any help would be great..... if anyone needs more information I am happy to provide???
Logged
ybjones72
Full Member
***
Offline Offline

Posts: 18


« Reply #1 on: Thursday 29 October 2009, 04:44:32 pm »

I used the script from this post (http://efwsupport.com/index.php?topic=4.0) to update my Dansguardian filters and I could then get some minor (and I stress MINOR) semblance of a working content filter. I have an  Sites rule that has the score set to 160, and the in the "Filter pages known to have content of the following categories. (URL Blacklist)" section, the -Porn has the blocked selected. I can get to any number or porn sites (including obvious ones like hustler.com and playboy.com) but I cannot do a Google or yahoo search for the term  cancer - I can do a Google search for vagina or  (and I can search for the slang terms for it as well). If I select the  selections under "Filters pages containing phrases of the following categories. (Content Filtering)" then most of the porn sites are caught and so are the search phrases.

I was very excited to find Endian in my search for a possible Untangle replacement but this is very disappointing. Of course, I could be doing something wrong but as far as I can tell, I have the settings correct.

Logged
ybjones72
Full Member
***
Offline Offline

Posts: 18


« Reply #2 on: Thursday 29 October 2009, 04:47:11 pm »

On a side note, if I put quotes around the search term as in " cancer" then it does not get blocked. Slang terms for body parts still get blocked even with the quotes.
Logged
rhaarhoff
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: Tuesday 03 November 2009, 12:39:35 am »

vyper_013, have you found any solutions.

Have the same setup as you. VMServer one NIC. Phrase list is working but the URL blacklist is not working.

Changed the orginal lists with Shalla Lists which is working with my curently on version 2.2 (stand-a-lone). But still no joy.
Can't see how VMServer will have anything to do with it. The Endian installation has no clue it's a vitrual Server.....

Cheers,
Logged
laythingy59
Full Member
***
Offline Offline

Posts: 40


« Reply #4 on: Wednesday 04 November 2009, 12:43:19 am »

im also having the same issue with content filtering.
if any of you guys manage to fix it it would be good to know.

thanks

Adam
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #5 on: Wednesday 04 November 2009, 02:12:05 am »

I think Endian doesnt work well with only one NIC.

I haven't worked too much with content filtering. Just upgraded EFW to a new URL blacklist and blocked all that I consider unsuitable on a working environment.
 I  dislike phrase filtering (regular expressions) on Endian. It is too restrictive for me, and I got blocked some legit webpages. In fact I have it to 300.

The problem with regular expressions is that maybe a single word doesn't fire the block event. It must add 160 points of bad words/bad phrases to block the page. If you find out that this is not enough you have two options:
1- Lower Max. score for phrases (50-300) to 50
2- Tweak the phrase filtering to raise scores on phrases/words you define. Check /etc/dansguardian/phraselists/pornography/ files. If you check the file /etc/dansguardian/phraselists/pornography/weighted , you'll see that the term <vagina> only scores 5 points. It seems that this word is not very indicative of pornography. Of course you can tweak those scores to what you like.


Tip: If you got some page blocked, you can see why this webpage is being block by seeing the source page on your browser (any browser can do that, by right clicking on the webpage). On source code you'll see something like:
</>
<BODY>

<!--
Url: http://www.playmates.comReason: Banned Regular Expression URL found.
Reasonlogged: Banned Regular Expression URL: (os|sight|site|sonly|web|-?job|bondage|centerfold|shot|cyberlust|cybercore||incest|masturbat|obscene|pedophil|pedofil|playmate|pornstar|dream|show|softcore|striptease)User: 127.0.0.2IP: 192.168..XXXFiltergroup: Filter content2Byp: -->

That helps you find out why some page was blocked.
Logged
ybjones72
Full Member
***
Offline Offline

Posts: 18


« Reply #6 on: Wednesday 04 November 2009, 02:30:56 am »

I actually have 5 nics in the system. The problem I have is that site blocking isn't working and phrase blocking works too well! I expect that some obscure "porn" sites might make it through but well known ones should not.
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #7 on: Wednesday 04 November 2009, 03:18:36 am »

I actually have 5 nics in the system. The problem I have is that site blocking isn't working and phrase blocking works too well! I expect that some obs "porn" sites might make it through but well known ones should not.
It seems related to:
http://bugs.endian.it/view.php?id=2300
It appears that the domain filters are not being loaded.
It happens on my efw box, the file /etc/dansguardian/profiles/2/bannedsitelist is empty, but not the /etc/dansguardian/profiles/2/bannedurllist.

Thanks for pointing out the problem on the forum.

Check that steps and see if starts filtering. On console:
cat /etc/dansguardian/profiles/2/bannedurllist | sed -e 's/urls/domains/g' >/etc/dansguardian/profiles/2/bannedsitelist
/etc/init.d/dansguardian reload

If after that the content filtering starts to block unwanted porn sites, the problem is that bug. Those steps aren't a solution, EFW will wipe that modification on a Squid restart.
I'll try to find the problem and make a quickfix. It is usually faster for me to track down the problem rather than wait a fix on Mantis.






Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #8 on: Wednesday 04 November 2009, 04:12:49 am »

Created a quickfix, see http://efwsupport.com/index.php?topic=1060.0
Logged
ybjones72
Full Member
***
Offline Offline

Posts: 18


« Reply #9 on: Wednesday 04 November 2009, 05:40:28 am »

Awesome. I will give it a try and let you know.
Logged
vyper_013
Jr. Member
*
Offline Offline

Posts: 6


« Reply #10 on: Wednesday 04 November 2009, 04:50:32 pm »

I haven't tried this yet... will do overnight and report back...... hoping it is the solution i need... .I like the product and it works well as v 2.2...... 2.3 is still with the Jury at the moment.... :|

Logged
vyper_013
Jr. Member
*
Offline Offline

Posts: 6


« Reply #11 on: Thursday 05 November 2009, 11:37:53 am »

This seems to do the trick..... will continue testing... but so far so good!!!!  One more thing...... if you want to block for a specific IP then you need to include the subnet.... IE: 192.168.50.100/32  if you just put in 192.168.50.100 it wants you to authenticate??

Thanks so far.............
Logged
ybjones72
Full Member
***
Offline Offline

Posts: 18


« Reply #12 on: Thursday 05 November 2009, 11:45:28 am »

Just finished the quick fix and it appears that it is working. Looks like I will do some further testing of Endian now - specifically with the site-to-site VPN capabilities.

Thanks mrkroket!
Logged
davvidde
Full Member
***
Offline Offline

Gender: Male
Posts: 68


« Reply #13 on: Friday 06 November 2009, 03:39:53 am »

I cannot add (create) no more than two groups with local NCSA authentication method: If I add the 3rd group endian rename the last group. Is this by design?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.156 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com