This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking Web sites in policies not working

Here's a puzzler
I've trying to block access to a web site that I'll be accessing through a Tor-based Browser
I enter the site name from the tor-browser url field (cut-paste so I can't make a mistake).

I edit the relevant policy and enter this url under "Websites".

This seems intuitive and simple enough not to be a mistake.

I, however, can continue to access this site using my standard browser.

Furthermore, I can go to the "Policy Helpdesk" and enter the URL and it shows as "Allowed" with the updated policy listed as the one used.

This seems clearly to be a mistake/bug in the system.

Could someone check my work?

Thanks,

Doug

This thread was automatically locked due to age.

Parents

0 DouglasFoster over 4 years ago
If Policy Help Desk says that a site is allowed, then you have not configured web filtering correctly. Read my tutorials, which are pinned to the top of the web filtering topic area. Web filtering is a very stable and reliable subsystem, which I have exercised thoroughly.

However, TOR is another animal entirely. The whole purpose of TOR is to obfuscate your traffic from intermediate devices, of which UTM is an example, so I would not expect web filtering to work normally.

I have not used TOR nor have I studied it at any length, but I infer the following:

The TOR browser makes a secure connection to a TOR entry point using port 443.

Thereafter, the browser routes all of its traffic and all of its DNS queries through the TOR network.

UTM can only see the initial connection to the TOR entry point, so it can only filter on the TOR entry point URL.

If you enable HTTPS inspection, UTM would intercept your initial connection, but it would be unable to make a secondary connection because it would be simulating a regular browser rather than a tor browser..

UTM does have an application control which can be used to block outbound TOR connections. I do not know the details of how that control detects TOR.

Also, I am curious why you want to use TOR at all.
Cancel
Vote Up 0 Vote Down

Cancel
0 SalishSwede over 4 years ago in reply to DouglasFoster

This is what's at the top of the web filtering topic area. I don't see anything about a tutorial.
I've been using web filtering since it was included in Astaro's product.
Cancel
Vote Up 0 Vote Down

Cancel
0 DouglasFoster over 4 years ago in reply to SalishSwede

Check in Policy Helpdesk for an exception that is overriding your filter.

They have moved things around a little. I think these articles are the most applicable:

Quicker read:

https://community.sophos.com/products/unified-threat-management/f/recommended-reads/108379/sophos-utm-how-to-troubleshoot-web-filtering

More complete discussion

https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/101117/optimizing-web-proxy-lessons-learned
Cancel
Vote Up 0 Vote Down

Cancel
0 SalishSwede over 4 years ago in reply to DouglasFoster

The site is now blocked.

I did nothing to change the behavior of the UTM.

There is a bug somewhere causing this, possibly a bug that has been patched and pushed out since I posted this issue.
"Nothing to see here, move along..."
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 SalishSwede over 4 years ago in reply to DouglasFoster

The site is now blocked.

I did nothing to change the behavior of the UTM.

There is a bug somewhere causing this, possibly a bug that has been patched and pushed out since I posted this issue.
"Nothing to see here, move along..."
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data