Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 4825 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Circumventing quota time allocation

Gnome
I have my UTM configured to apply quota to media streaming but I found an issue.  The check on available time only seems to be done at the start of the streaming, the consequence of this is that a user can allocate 10 minutes of their allowed quota and then kick of a streamed video and be able to watch the whole thing even if it is several hours long.  

Does anyone know of a way to stop this ?

Regards

Gnome


This thread was automatically locked due to age.
Parents
  • 0

    Something that is probably related:

    With https scanning disabled, the logs contain a single "Connect" entry for each https session.   

    I have determined that the Size information on the log entry represents the total volume of traffic moved during the session, and that the log entry is not written until the session is closed.

    Youtube (and other Google sites) are fully https-based.  So the best that we can expect is that the quota will be updated when the session is closed, at which point a new session will not be allowed, but it does not solve your problem with the long session.

    Https inspection might solve the problem, because each request is logged separately.   That requires deploying the UTM CA and a proxy configuration to each device.

Reply
  • 0

    Something that is probably related:

    With https scanning disabled, the logs contain a single "Connect" entry for each https session.   

    I have determined that the Size information on the log entry represents the total volume of traffic moved during the session, and that the log entry is not written until the session is closed.

    Youtube (and other Google sites) are fully https-based.  So the best that we can expect is that the quota will be updated when the session is closed, at which point a new session will not be allowed, but it does not solve your problem with the long session.

    Https inspection might solve the problem, because each request is logged separately.   That requires deploying the UTM CA and a proxy configuration to each device.

Children
No Data
Unfiltered HTML