This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking Web sites in policies not working

Here's a puzzler
I've trying to block access to a web site that I'll be accessing through a Tor-based Browser
I enter the site name from the tor-browser url field  (cut-paste so I can't make a mistake).

I edit the relevant policy and enter this url under "Websites".

This seems intuitive and simple enough not to be a mistake.

I, however, can continue to access this site using my standard browser.

Furthermore, I can go to the "Policy Helpdesk" and enter the URL and it shows as "Allowed" with the updated policy listed as the one used.

This seems clearly to be a mistake/bug in the system.

Could someone check my work?

 

Thanks,

Doug



This thread was automatically locked due to age.
Parents
  • If Policy Help Desk says that a site is allowed, then you have not configured web filtering correctly.  Read my tutorials, which are pinned to the top of the web filtering topic area.  Web filtering is a very stable and reliable subsystem, which I have exercised thoroughly.

    However, TOR is another animal entirely.   The whole purpose of TOR is to obfuscate your traffic from intermediate devices, of which UTM is an example, so I would not expect web filtering to work normally.

    I have not used TOR nor have I studied it at any length, but I infer the following:

    • The TOR browser makes a secure connection to a TOR entry point using port 443.
    • Thereafter, the browser routes all of its traffic and all of its DNS queries through the TOR network.
    • UTM can only see the initial connection to the TOR entry point, so it can only filter on the TOR entry point URL.
    • If you enable HTTPS inspection, UTM would intercept your initial connection, but it would be unable to make a secondary connection because it would be simulating a regular browser rather than a tor browser..

    UTM does have an application control which can be used to block outbound TOR connections.   I do not know the details of how that control detects TOR.

    Also, I am curious why you want to use TOR at all.

Reply
  • If Policy Help Desk says that a site is allowed, then you have not configured web filtering correctly.  Read my tutorials, which are pinned to the top of the web filtering topic area.  Web filtering is a very stable and reliable subsystem, which I have exercised thoroughly.

    However, TOR is another animal entirely.   The whole purpose of TOR is to obfuscate your traffic from intermediate devices, of which UTM is an example, so I would not expect web filtering to work normally.

    I have not used TOR nor have I studied it at any length, but I infer the following:

    • The TOR browser makes a secure connection to a TOR entry point using port 443.
    • Thereafter, the browser routes all of its traffic and all of its DNS queries through the TOR network.
    • UTM can only see the initial connection to the TOR entry point, so it can only filter on the TOR entry point URL.
    • If you enable HTTPS inspection, UTM would intercept your initial connection, but it would be unable to make a secondary connection because it would be simulating a regular browser rather than a tor browser..

    UTM does have an application control which can be used to block outbound TOR connections.   I do not know the details of how that control detects TOR.

    Also, I am curious why you want to use TOR at all.

Children