Sophos UTM offers mighty tools to block a huge number of advertisers, web trackers, analyzers and other stuff running in the background that you usually do not want to have, for traffic, performance, privacy or annoyance reasons.

However - a warning beforehand. Blocking those advertisers, trackers, adblock detectors etc. may brick specific sites or limit functionality in unexpected ways. For me it works quite well, but maybe you will need some fine-tuning by allowing some services for some reason (or adding more to block more). So don't blame me if those steps break your favourite sites.

Technically you have a lot of features to use. Mainly those are:
- URL Filter / Categorization
- Application Control
- Manual recategorization of some annoying "Internet Services"
- Manual Blacklists (where you shouldn't have to add a lot anymore ;o)

The theory behind the speedup of web browsing by blocking annoyances is simple. Marketing people of every company love to track and analyze the usage of their website using webstats, trackers etc. Free websites love to add ads to their sites to generate revenue.

Basically I'm not against decent use of ads, as it helps to finance free content on the web (or free apps on your phones, tablets etc.). Sadly there is no longer a strict border between "acceptable ads" and annoying the user, because a website becomes overloaded by ads. I won't even start to talk about those free apps/games used by my children, where in-app ads pop up always and everywhere, and I have to take care that they don't open them or buy something by accident. Many years ago you had a simple ad banner at the top, which was acceptable for me. Today that crap is embedded everywhere within websites, which annoys me - Facebook is a nice "bad example".
I hate Facebook in the meantime (besides all the other privacy issues with its regular privacy changes).

However: every website opens connections in the background to all those trackers, analyzers and advertiser content servers, which slows down web surfing, as:
a) A web browser uses a limited number of concurrent connections to a web server. Each connection which downloads "unnecessary" content will delay the download of the wanted, useful content
b) Unwanted stuff generates additional traffic and load on the UTM
c) If those trackers, analyzers or advertisers are slow for some reason, they will add additional delay to your surfing experience, i.e. how fast a website is loaded and displayed in the web browser

Here's a small guide to get rid of a lot of those trackers, analyzers and advertisers. I still use additional adblocker apps in my web browsers, which act as an "afterburner" and rip the remaining annoyances out of the websites, but with the mentioned methods it already becomes quite performant and ad-free even without such "afterburners" ;o)

Requirements:
- The UTM's Web Proxy has to be used
- Application Control has to be used
- As some ads and trackers work via HTTPS, HTTPS scanning will enhance filtering - especially within HTTPS websites, but the newly introduced "URL filtering only" HTTPS scanner in UTM9.2 should also already do a lot of good for you ;o)

First - Let's start with the easy part:
- Block the "web ads" category with the URL filter in the web proxy. That already does a lot of filtering for you...

Second - a little more time required:
Build a new block rule in the application control. All the applications you want to block are found in the category "web services".
Sadly there is no separate category for advertisers, trackers and analyzers - I opened a feature request for that, feel free to add your votes here ==> Enhance Application Control App Categorization

However, there are also other services in that category such as CNET or Mozilla download servers, CDNs such as Akamai and other stuff you may not want to block, so you have to crawl through that "web services" list yourself and check in the info/description of the application whether it's really a tracker, analyzer or advertiser. You may finally find >150 such applications which fit into those categories (didn't count them exactly). So create a block rule for applications (not groups), filter for "web services" and search for the following terms, which should bring up most of those entries fast:
"ads"
"track"
"analy"

But always check the application description, as not all advertisers have a telling "ads" in the name, for example, and on the other hand there are also allowed sites such as "CNET" or "MOZILLA", which you may not want to block ;o))

Advertiser descriptions usually read something like this: "Visiting websites that use spoke (formerly Telecom Express) to generate ads." or "Visiting websites that use Webtrends to generate ads and collect user analytics."

Third - fine-tuning by recategorizing unwanted domains using the UTM9.2 "Websites" option to recategorize such sites locally from category xyz to "web ads"
This can be done yourself by monitoring ad traffic - in my case for example especially from my mobile apps' in-app ads. The list below may not fit everyone, but it's a good start. My recategorized list of domains ("incl. subdomains" checked too) is:
EDIT 07-10-2014 - Added more entries to list:
And those here below should be imported as URLs without "including subdomains"
Fourth - Manual Blacklists
If ads or other annoyances are not delivered domain-based, but by a path within a generally allowed URL, you may create manual blacklist entries for those specific paths in the web proxy's filter actions. I haven't used it up to now - but keep it in mind if you have to...

Hope this helps one or the other UTM admin to speed things up even more and get rid of some annoyances in web pages. I'm happy about every feedback here in this thread, or about every vote in the feature portal for those "new" application control categories "web advertisers", "web trackers" and "web analyzers", which would make it easier to block such applications quickly.

However - my experience with blocking those annoyances is quite positive up to now, and I hope a lot of other people can also benefit from this mighty feature set to optimize their surfing experience.

/Sascha

BTW: Troubleshooting also shouldn't be too hard, as every block will be logged in the http.log, and the method used to block is also mentioned in the log as:
"web request blocked, forbidden category detected" ==> URL Filter Web Proxy
"web request blocked, forbidden application detected" ==> Application Control
2014:02:22-14:45:33 asg01 httpproxy: id="0066" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden application detected" action="block" method="GET" srcip="192.168.10.208" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProContaLanclNetwo4 (LAN_CLI)" filteraction="REF_LmvZxpuYeo (LAN_STD)" size="3205" request="0x14e8aee0" url="www.google-analytics.com/ga.js" exceptions="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="1224" device="0" auth="0" country="United States" application="GOOGANAL"
2014:02:22-14:45:33 asg01 httpproxy: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.10.208" dstip="" user="" statuscode="403" cached="0" profile="REF_HttProContaLanclNetwo4 (LAN_CLI)" filteraction="REF_LmvZxpuYeo (LAN_STD)" size="3278" request="0x1d3bc880" url="20minde.wemfbox.ch/.../home
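Added example (not part of the original post, and not Sophos code): a small Python script that applies the troubleshooting hint above to http.log, attributing each blocked request to the URL Filter or to Application Control by its name field. The sample lines are constructed and shortened; only the field names visible in the quoted entries are assumed.

```python
import re
from collections import Counter

# "name" field of a block entry -> UTM feature that blocked it (mapping from the post).
BLOCK_REASONS = {
    "web request blocked, forbidden category detected": "URL Filter",
    "web request blocked, forbidden application detected": "Application Control",
}
FIELD = re.compile(r'(\w+)="([^"]*)"')
SCHEME = re.compile(r'^[a-zA-Z][\w+.-]*://')

def host_of(url):
    """Host part of the logged url, with or without a scheme or port."""
    return SCHEME.sub("", url).split("/", 1)[0].split(":", 1)[0].lower()

def blocked_requests(lines):
    """Yield (feature, host, application, srcip) for every action="block" entry."""
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("action") != "block":
            continue
        name = f.get("name", "")
        feature = BLOCK_REASONS.get(name, "other (" + name + ")")
        yield feature, host_of(f.get("url", "")), f.get("application", ""), f.get("srcip", "")

def summarize(lines):
    """Blocked requests counted per (feature, host), most frequent first."""
    return Counter((r[0], r[1]) for r in blocked_requests(lines)).most_common()

# Constructed sample: shortened lines in the field layout of the entries quoted above.
PREFIX = '2014:02:22-14:45:33 asg01 httpproxy: severity="info" sys="SecureWeb" sub="http" '
SAMPLE = [
    PREFIX + 'id="0066" name="web request blocked, forbidden application detected" '
    'action="block" srcip="192.168.10.208" statuscode="403" '
    'url="www.google-analytics.com/ga.js" application="GOOGANAL"',
    PREFIX + 'id="0066" name="web request blocked, forbidden application detected" '
    'action="block" srcip="192.168.10.209" statuscode="403" '
    'url="http://www.google-analytics.com:80/collect?v=1" application="GOOGANAL"',
    PREFIX + 'id="0060" name="web request blocked, forbidden category detected" '
    'action="block" srcip="192.168.10.208" statuscode="403" '
    'url="http://ads.example.net/banner.js" application=""',
    PREFIX + 'id="0001" name="http access" action="pass" srcip="192.168.10.208" '
    'statuscode="200" url="http://www.example.org/index.html" application=""',
]

if __name__ == "__main__":
    for (feature, host), count in summarize(SAMPLE):
        print(f"{count:3d}  {feature:20s} {host}")
```

Sorting the output by feature shows which of the two block rules is responsible when a site breaks, so the matching exception can be made in the right place.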
In reply to brandon.bell:
Attached to this post, you will find my current block list. This should be handy for those who block ads by domains. I will try to keep this up to date as frequently as possible. This list is partly thanks to the help of those at AdBlock Plus. This is to supplement the other lists on this page.
See here: LINK LIST (http://www.mediafire.com/view/0ssz3uw2as2bwji/AdBlock_List.rtf)
In reply to William Warren:
I use the suspicious category inside UTM itself, much less maintenance.
In reply to tms5d:
Brandon, thanks for this. I'm trying to figure out how to use the list, however. Should I define custom overridden categories under "web protection --> filtering options --> websites" based on this list? A plain "copy/paste" gives me some errors, however; I think the syntax is wrong. Perhaps you could point me and other interested users in the right direction.
In reply to Scott_Klassen:
I've been working on blocking as many ads and trackers as possible, and up until now thought I had been, mostly following the direction in this thread.
However, when trying to add in trackers/advertisers that the Ghostery app finds, I cannot seem to get it to block them completely. My intent has been to identify them in Ghostery, then use the UTM to block them completely before they reach the browser.
For example, I have added o.aolcdn.com, which Ghostery identifies as Advertising.com, owned by AOL. Moatads.com is another. It's blocked by the default Web Ads category, and when I test it with the Policy Test, or try to pull them up directly in a browser, they show blocked. But Ghostery is saying it is blocking them, so they are clearly getting through somehow.
Any ideas on what might be happening?
In reply to Amodin:
Sorry to bring up an old post, but the txt file I have uploaded contains a LOT of domains that I import into my UTM.
Web Protection > Web Filtering > Policies Tab. From there at the bottom is the Base Policy. To the right, click on 'Default content filter action'.
Under 'Websites' tab that appears in the new window, you have a category called 'Block These Websites'.
Create a new item, name it whatever you want, and leave it on Domain. To the right of the Domains field is a small square pull-down that allows you to Import, Export and Empty.
Open the text file, select all, copy, then select Import in the Domains field. Paste into the import window that appears and save it. Modify to your liking.