[148078] Web Control component Options

[Tybilly]

Hello,

I have several questions/remarks about this component.

1. If I create a new rule to block/warn content such as "Social networks" (by content categories), Google + is not processed as it should be.
This website is a well known social network platform: https://plus.google.com/

My question is: where should we send such requests? Then this URL will be added to the database.
If this should be sent to an email address, can we expect to get a reply? We are speaking about a corporate product now, we need to be able to track each request and provide customers with updated status.

2. If I set a mail notification in the policy of KES8 for this event: Warning about unwanted content (Warning), and if I try to visit 1 website corresponding to a specified rule then I'll receive many email for only 1 attempt. For example, create a rule to warn user when accessing "Social networks" website and try to browse http://vkontakte.ru

Then you'll receive such notification:

Event Warning about unwanted content happened on computer PC-DE-DAMIEN in the domain WORKGROUP on Tuesday, August 23, 2011 11:39:49 AM (GMT+01:00) Event type: Warning about unwanted content Requested address: http://vkontakte.ru/images/join/photos_m.png
Result\Permission: Warned
Rule\Rule name: Social Network
Rule\Content category: Social networks
Rule\Address mask: *
User name: PC-de-Damien\Damien

But you will also receive a notification for the following "requested address":
http://vkontakte.ru/images/join/photos_m.png
http://vkontakte.ru/login.php
http://vkontakte.ru/images/button_vk.png
http://vkontakte.ru/images/toplink.gif
http://vkontakte.ru/images/faviconnew.ico
...

I even receive the same event twice (with the same content in the "requested address" field).

Anyway please change this then only 1 event is sent for each attempt to browse a website corresponding to a rule.

3. I found a bug that you can reproduce easily:
- Create a rule to warn on access Web mail content
 2011_08_23_131439.png ( 9.65K ) Number of downloads: 14

- Go to http://www.yahoo.com and click on the "Mail" button in the menu in the left.
- As a result a warning from KES is displayed
 warning.png ( 21.33K ) Number of downloads: 17

- I you click the link to open the requested web page then either nothing happens or a message from Yahoo services is displayed : "Sorry, the page you requested was not found".
I think this is caused by the random ID which is put at the end of the link.

This post has been edited by enkryptor: 25.08.2011 18:16

[Tybilly]

4. How to deal with secured website such as https://www.facebook.com?

I can't find the option to scan secure traffic in KES8, as a consequence even if I create a rule to block all content related to "Social network" category I can browse facebook using the secured version without any problem...

[Tybilly]

Hello,

No comments on this topic?

Also about my previous remark:

1. If I create a new rule to block/warn content such as "Social networks" (by content categories), Google + is not processed as it should be.
This website is a well known social network platform: https://plus.google.com/

My question is: where should we send such requests? Then this URL will be added to the database.
If this should be sent to an email address, can we expect to get a reply? We are speaking about a corporate product now, we need to be able to track each request and provide customers with updated status.

It's obvious now that secured website such as Google+ are not filtered.
Still other questions remain unanswered.

[enkryptor]

KES doesn't scan https traffic, so facebook can't be blocked by content. You should block it by url.

[Tybilly]

I tried by URL but it doesn't block me to browse specified websites:

 2011_08_25_135912.png ( 11.16K ) Number of downloads: 14

[enkryptor]

You're right, colleagues confirm there's a Web Control issue with SSL (#148078). It will be fixed next public build.

[Tybilly]

Ok thanks.

What about the notification system (many alerts sent for each attempt)?
What about the bug with Yahoo mail?

[enkryptor]

Please kindly post different problems in different topics.

2. KES must send a notification for every file, fetched from the denied resource. For instance, if only user tries to open photos_m.png, we should send a warning.

3. Well-known issue, will be fixed next public build.

[enkryptor]

4. How to deal with secured website such as https://www.facebook.com?

Will be fixed in KES 8.1.0.549.

[Tybilly]

Hello,

Thanks for the follow up.

2. KES must send a notification for every file, fetched from the denied resource. For instance, if only user tries to open photos_m.png, we should send a warning.

If the user tries to open photos_m.png then I agree that a warning should be sent for this object only.

Let's say a website is blocked by category, then why would the system send a notification for each item of the website? It does not make sense, I just want to be notified once for the corresponding website.
If too much email are sent then the administrator will be tired of being spammed and won't take care of such notifications anymore.

[enkryptor]

I agree it doesn't make sense for a human, but http specification doesn't let us distinguish "plain" image from "part of a webpage" image. It looks the same for any http server and traffic monitor.

Theoretically speaking we could suppress similar notifications in a timeout, but there is no such an option in the requirements. The only thing I can do — add it as a suggestion for future versions.

[Tybilly]

I would see this as an option "group notifications coming from same domain"

Thanks for your collaboration.

[enkryptor]

added suggestion #150065

[Tybilly]

Hello,

Will be fixed in KES 8.1.0.549.

It's still not fixed in KES 8.1.0.557