Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 26 November 2024, 10:19:33 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  See which IP address tried to access banned content
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: See which IP address tried to access banned content  (Read 13604 times)
ryan_lsq
Jr. Member
*
Offline Offline

Posts: 2


« on: Friday 24 August 2012, 06:43:34 am »

Hi all,

When looking at my content filter logs when someone accesses a banned site, all I see is:

Code:
127.0.0.1 127.0.0.1 {url} *DENIED* Banned site: openvpn.net GET 0 0 1 403 - Default Profile (content1) -

I have a few filters assigned to various things including one specifically for GREEN and one specifically for BLUE. I can tell which network the banned sute was requested from because it lists 127.0.0.1 for filter 1, 127.0.0.2 for filter 2 and so on and also specifically say s it.

My question is this. Is there any way I can make Dansguardian show the originating IP for the banned request?

For instance have it show:
Code:
127.0.0.1 192.168.0.157 {url} *DENIED* Banned site: openvpn.net GET 0 0 1 403 - Default Profile (content1) -

Some info:

I'm using Endian Community 2.5.1 and I have Squid/DG in transparent mode on both BLUE and GREEN interfaces.

Thanks.
Logged
endianupdate
Full Member
***
Offline Offline

Posts: 53


« Reply #1 on: Friday 21 September 2012, 02:41:15 am »

In which log are you looking, in the live log or the proxy > content filter log?

I see the following in the content filter log;

192.168.12.41 (127.0.0.1)   http://b.scorecardresearch.com/b?c1=2&c2=6036161&c3=&comscor...   DENIED

And in the live content filter log;

127.0.0.1 192.168.12.41 http://ib.adnxs.com/seg?add=20&t=1 *DENIED* Banned site: adnxs.com GET 0 0 1 403 - Default Profile (content1)

I am also running multiple zones in transparent proxy mode on 2.5.1 and for me it does show the originating IP.

I have separate access policies setup for each zone though rather than one for all zones;

filter using 'content1'   GREEN   ANY   not required   Always   ANY      
filter using 'content1'   ORANGE   ANY   not required   Always   ANY      
filter using 'content1'   BLUE   ANY   not required   Always   ANY    

Hope this helps.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.156 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com