Blocking Web sites in policies not working

Here's a puzzler
I've been trying to block access to a web site that I'll be accessing through a Tor-based Browser.
I enter the site name from the tor-browser url field (cut-paste so I can't make a mistake).

I edit the relevant policy and enter this url under "Websites".

This seems intuitive and simple enough not to be a mistake.

I, however, can continue to access this site using my standard browser.

Furthermore, I can go to the "Policy Helpdesk" and enter the URL and it shows as "Allowed" with the updated policy listed as the one used.

This seems clearly to be a mistake/bug in the system.

Could someone check my work?

 

Thanks,

Doug

  • Hi Doug,

    I just tested this and it worked for me. I tried this with a site that doesn't appear in any other policy, exception etc. So in my case I used IBM's site to test this.

    Two thoughts on this:
    1. only use the domain part, not the entire URL, i.e. ibm.com
    2. tick the [Include subdomains] box 

    Hope this works, good luck.

    PPG

  • If Policy Help Desk says that a site is allowed, then you have not configured web filtering correctly.  Read my tutorials, which are pinned to the top of the web filtering topic area.  Web filtering is a very stable and reliable subsystem, which I have exercised thoroughly.

    However, TOR is another animal entirely.   The whole purpose of TOR is to obfuscate your traffic from intermediate devices, of which UTM is an example, so I would not expect web filtering to work normally.

    I have not used TOR nor have I studied it at any length, but I infer the following:

    • The TOR browser makes a secure connection to a TOR entry point using port 443.
    • Thereafter, the browser routes all of its traffic and all of its DNS queries through the TOR network.
    • UTM can only see the initial connection to the TOR entry point, so it can only filter on the TOR entry point URL.
    • If you enable HTTPS inspection, UTM would intercept your initial connection, but it would be unable to make a secondary connection because it would be simulating a regular browser rather than a tor browser.

    UTM does have an application control which can be used to block outbound TOR connections.   I do not know the details of how that control detects TOR.

    Also, I am curious why you want to use TOR at all.

  • In reply to DouglasFoster:

    Tor works fine thanks.  Filtering... not so much.

  • In reply to DouglasFoster:

    This is what's at the top of the web filtering topic area.  I don't see anything about a tutorial.
    I've been using web filtering since it was included in Astaro's product.

  • In reply to DouglasFoster:

    The site is now blocked.

    I did nothing to change the behavior of the UTM.

    There is a bug somewhere causing this, possibly a bug that has been patched and pushed out since I posted this issue.
    "Nothing to see here, move along..."