EFW Support

Support => EFW SMTP, HTTP, SIP, FTP Proxy Support => Topic started by: ryan_lsq on Friday 24 August 2012, 06:43:34 am



Title: See which IP address tried to access banned content
Post by: ryan_lsq on Friday 24 August 2012, 06:43:34 am
Hi all,

When looking at my content filter logs when someone accesses a banned site, all I see is:

Code:
127.0.0.1 127.0.0.1 {url} *DENIED* Banned site: openvpn.net GET 0 0 1 403 - Default Profile (content1) -

I have a few filters assigned to various things, including one specifically for GREEN and one specifically for BLUE. I can tell which network the banned site was requested from because it lists 127.0.0.1 for filter 1, 127.0.0.2 for filter 2 and so on, and also specifically says it.

My question is this: is there any way I can make DansGuardian show the originating IP for the banned request?

For instance have it show:
Code:
127.0.0.1 192.168.0.157 {url} *DENIED* Banned site: openvpn.net GET 0 0 1 403 - Default Profile (content1) -

Some info:

I'm using Endian Community 2.5.1 and I have Squid/DG in transparent mode on both BLUE and GREEN interfaces.

Thanks.


Title: Re: See which IP address tried to access banned content
Post by: endianupdate on Friday 21 September 2012, 02:41:15 am
In which log are you looking, in the live log or the proxy > content filter log?

I see the following in the content filter log:

192.168.12.41 (127.0.0.1)   http://b.scorecardresearch.com/b?c1=2&c2=6036161&c3=&comscor...   DENIED

And in the live content filter log:

127.0.0.1 192.168.12.41 http://ib.adnxs.com/seg?add=20&t=1 *DENIED* Banned site: adnxs.com GET 0 0 1 403 - Default Profile (content1)

I am also running multiple zones in transparent proxy mode on 2.5.1 and for me it does show the originating IP.

I have separate access policies set up for each zone, though, rather than one for all zones:

filter using 'content1'   GREEN    ANY   not required   Always   ANY
filter using 'content1'   ORANGE   ANY   not required   Always   ANY
filter using 'content1'   BLUE     ANY   not required   Always   ANY

Hope this helps.
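Both posts above quote two layouts of the same DansGuardian deny record: the live log (listener address, client address, URL, *DENIED*, reason, method, counters, HTTP status, profile and filter name) and the Proxy > Content filter view (client, listener in parentheses, URL, action). The script below is an added example, not Endian's or DansGuardian's own code: it parses both layouts as they appear in this thread, maps the 127.0.0.N listener address back to the filter instance the way the original poster describes, and counts how many denied requests are attributed only to a loopback client, which is exactly the symptom in the first post. The column order, the SAMPLE_LINES and the ZONES mapping (filter 1 = GREEN, filter 2 = BLUE) are assumptions taken from the quoted lines, not a documented log format.

```python
"""Parse DansGuardian deny lines in the two layouts quoted in this thread and
attribute each block to the originating client. Example code, not Endian's."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# Live content-filter log, layout assumed from the lines quoted in the thread:
# <listener> <client> <url> *<action>* <reason> <method> <n> <n> <n> <status> - <profile> (<filter>) [-]
LIVE_RE = re.compile(
    rf"^(?P<listener>{IP})\s+(?P<client>{IP})\s+(?P<url>\S+)\s+"
    r"\*(?P<action>[A-Z]+)\*\s+(?P<reason>.*?)\s+"
    r"(?P<method>GET|POST|HEAD|PUT|DELETE|CONNECT|OPTIONS)\s+"
    r"\d+\s+\d+\s+\d+\s+(?P<status>\d{3})\s+\S+\s+"
    r"(?P<profile>.*?)\s+\((?P<filter_name>[^)]+)\)"
)
# Proxy > Content filter log view, layout assumed from the thread:
# <client> (<listener>)   <url>   <action>
VIEW_RE = re.compile(
    rf"^(?P<client>{IP})\s+\((?P<listener>{IP})\)\s+(?P<url>\S+)\s+(?P<action>[A-Z]+)"
)

# Constructed sample input, modelled on the lines quoted in the thread.
SAMPLE_LINES = [
    "127.0.0.1 192.168.12.41 http://ib.adnxs.com/seg?add=20&t=1 *DENIED* Banned site: adnxs.com GET 0 0 1 403 - Default Profile (content1)",
    "127.0.0.2 10.0.0.25 http://openvpn.net/ *DENIED* Banned site: openvpn.net GET 0 0 1 403 - Default Profile (content2) -",
    "127.0.0.1 127.0.0.1 http://openvpn.net/ *DENIED* Banned site: openvpn.net GET 0 0 1 403 - Default Profile (content1) -",
    "192.168.12.41 (127.0.0.1)   http://b.scorecardresearch.com/b?c1=2&c2=6036161&c3=&comscor...   DENIED",
    "this is not a log line",
]
# Assumed mapping of DansGuardian instance number to zone, per the first post
# ("127.0.0.1 for filter 1, 127.0.0.2 for filter 2"). Adjust to your own setup.
ZONES = {1: "GREEN", 2: "BLUE"}


@dataclass
class DenyEvent:
    listener: str
    client: str
    url: str
    action: str
    reason: Optional[str] = None
    method: Optional[str] = None
    status: Optional[int] = None
    profile: Optional[str] = None
    filter_name: Optional[str] = None

    @property
    def filter_instance(self) -> Optional[int]:
        """127.0.0.N -> N, the filter instance that handled the request."""
        if self.listener.startswith("127.0.0."):
            return int(self.listener.rsplit(".", 1)[1])
        return None

    @property
    def attributed(self) -> bool:
        """False when the client column is loopback: the real source is lost."""
        return not self.client.startswith("127.")


def parse_line(line: str) -> Optional[DenyEvent]:
    """Parse one line in either layout; return None for anything else."""
    line = line.strip()
    m = LIVE_RE.match(line)
    if m:
        d = m.groupdict()
        return DenyEvent(d["listener"], d["client"], d["url"], d["action"],
                         d["reason"], d["method"], int(d["status"]),
                         d["profile"], d["filter_name"])
    m = VIEW_RE.match(line)
    if m:
        return DenyEvent(m["listener"], m["client"], m["url"], m["action"])
    return None


def denied_by_client(lines, zone_by_instance) -> Tuple[Dict[str, List[Tuple[str, str]]], int]:
    """Group denied requests by client as [(zone, url), ...] and count the
    entries whose client is loopback and therefore cannot be attributed."""
    by_client: Dict[str, List[Tuple[str, str]]] = {}
    unattributed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.action != "DENIED":
            continue
        if not ev.attributed:
            unattributed += 1
            continue
        zone = zone_by_instance.get(ev.filter_instance, "unknown")
        by_client.setdefault(ev.client, []).append((zone, ev.url))
    return by_client, unattributed


if __name__ == "__main__":
    clients, lost = denied_by_client(SAMPLE_LINES, ZONES)
    for ip, hits in clients.items():
        for zone, url in hits:
            print(f"{ip:15} {zone:7} {url}")
    print(f"{lost} denied request(s) carry only a loopback client address")
```

Run it against a copy of the live log (for example by reading the file into `SAMPLE_LINES`) and the last line tells you whether your instance has the problem from the first post: any non-zero count means entries exist that identify the filter instance but not the client.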