This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking URL based on referrer? More broadly, blocking personal Google Sites

Hello all.

Google Sites has long been used to grant access to "unblockable" games and movies. As a result, I'd like to block personal Google Sites but still allow our own Google Apps Education sites as we use the service.

Precise URL blocks (e.g. sites.google.com/site/unblockedmovies/) do not work even with HTTPS scanning. It seems to me that Google Sites services content almost like a web proxy, but the URL in the address bar is not the actual URL being accessed. Really, I'm not seeing any way to distinguish between personal Google Sites (e.g. https://sites.google.com/site/unblockedmovies/ ) and our own GAE sites ( https://sites.google.com/a/organization.org/ ). Yes, the URL is different, but again, blocking URLs doesn't work.

What I *did* notice though is a REF="URL_we_want_to_block". I'm not aware of Sophos UTM being able to block a site based on this information, but if it can, it seems some regex would probably solve most of the issues. Anyone know if blocking based on REF is possible?

"unblocked movies" page:

2015:10:12-09:49:15 ***x httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.216.14" user="test.student" ad_domain="***x" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xd82a3800" url="gg.google.com/csisites.google.com/.../" error="" authtime="29" dnstime="0" cattime="89" avscantime="0" fullreqtime="38199" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" exceptions="" reputation="trusted" category="145" reputation="trusted" categoryname="Search Engines" application="google" app-id="182"

"Unblocked movies" sub page:

2015:10:12-10:17:58 ***X httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.216.14" user="test.student" ad_domain="***X" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xdb60e800" url="gg.google.com/csisites.google.com/.../22-jumpstreet" error="" authtime="26" dnstime="0" cattime="63" avscantime="0" fullreqtime="33079" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" exceptions="" reputation="trusted" category="145" reputation="trusted" categoryname="Search Engines" application="google" app-id="182"

Our own Google Sites test page:

2015:10:12-10:10:45 ***x httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.217.206" user="test.student" ad_domain="***x" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xdb05e800" url="gg.google.com/csisites.google.com/.../" error="" authtime="0" dnstime="0" cattime="90" avscantime="0" fullreqtime="14753821" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" exceptions="" category="145" reputation="trusted" categoryname="Search Engines" application="google" app-id="182"

Another one of ours...

2015:10:12-10:26:21 ***X httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.216.46" user="test.student" ad_domain="SEA" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xd7a5a000" url="gg.google.com/csi

Please keep in mind current rules grant blanket access to Google Sites as we need access to Google Sites. Also note that src IPs differ, even amongst our own organization so an IP level block doesn't look likely.

Any thoughts? Has anyone figured this out without blocking Google Apps wholesale?

This thread was automatically locked due to age.

Parents

0 sea_administrator over 9 years ago

I've tried this along with other more creative expressions, but URL blocking does not work. The actual URL sites.google.com/a/organization and sites.google.com/site never cross the web filter. Instead, when you load a Google Site, it loads stuff like: gg.google.com/csi

Here's what a quick visit to sites.google.com/site/unblockedmovies looks like...

2015:10:14-07:54:58 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.103" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="142" request="0xd678d000" url="www.google.com/.../search

2015:10:14-07:55:00 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.103" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="2860" request="0xd678d000" url="www.google.com/.../gif"

2015:10:14-07:55:11 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="74.125.239.137" user="test.student" ad_domain="DOMAIN" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xccad1000" url="gg.google.com/csi

2015:10:14-07:55:11 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.103" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="176" request="0xd678d000" url="www.google.com/.../x-icon"

2015:10:14-07:55:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.206" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5430" request="0xd7d74800" url="sites.google.com/" referer="" error="" authtime="29" dnstime="1622" cattime="195332" avscantime="0" fullreqtime="17560243" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size"

2015:10:14-07:55:41 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.171.184" dstip="74.125.239.142" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="87190" request="0xd6e29800" url="safebrowsing.google.com/.../downloads

2015:10:14-07:58:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.25.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="6772" request="0xd1ff3800" url="translate.googleapis.com/" referer="" error="" authtime="31" dnstime="203" cattime="138" avscantime="0" fullreqtime="240141651" device="1" auth="2" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googtran" app-id="184"

2015:10:14-07:58:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.239.136" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="112585" request="0xd20f7000" url="clients4.google.com/" referer="" error="" authtime="18" dnstime="2" cattime="80" avscantime="0" fullreqtime="240466412" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="google" app-id="182"

2015:10:14-07:58:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.28.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="7241" request="0xc096800" url="fonts.googleapis.com/" referer="" error="" authtime="23" dnstime="774" cattime="49" avscantime="0" fullreqtime="240145955" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"

2015:10:14-07:58:17 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.239.38.120" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="35050" request="0xe1f6c000" url="accounts.youtube.com/" referer="" error="" authtime="30" dnstime="1" cattime="107" avscantime="0" fullreqtime="241093524" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size" overridecategory="1"

2015:10:14-07:58:17 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.239.158" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="23287" request="0xe0b3b800" url="ssl.google-analytics.com/" referer="" error="" authtime="24" dnstime="1" cattime="61" avscantime="0" fullreqtime="240783629" device="1" auth="2" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googanal" app-id="175"

2015:10:14-07:58:18 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.206" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="479903" request="0xd9962800" url="s.ytimg.com/" referer="" error="" authtime="32" dnstime="1440" cattime="97" avscantime="0" fullreqtime="240190302" device="1" auth="2" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" application="youtube" app-id="557"

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="383" request="0xd667d800" url="www.google.com/url

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="296" request="0xd667d800" url="www.google.com/.../ServiceLogin

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.198" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="6245" request="0xd5588000" url="static.doubleclick.net/" referer="" error="" authtime="29" dnstime="866" cattime="84" avscantime="0" fullreqtime="240080755" device="1" auth="2" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" application="dblclick" app-id="812"

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="216.58.192.14" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5006" request="0xd2c46000" url="apis.google.com/.../preview

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="216.58.192.14" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="82871" request="0xd2c46000" url="apis.google.com/.../preview

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.239.143" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="160191" request="0xc9461800" url="fonts.gstatic.com/" referer="" error="" authtime="23" dnstime="1275" cattime="87" avscantime="0" fullreqtime="243623548" device="1" auth="2" ua="" exceptions="" category="177" reputation="unverified" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.193" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="29466" request="0xd5448800" url="oauth.googleusercontent.com/" referer="" error="" authtime="28" dnstime="131" cattime="187" avscantime="0" fullreqtime="240067602" device="1" auth="2" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.192.46" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="20400" request="0xa094000" url="i.ytimg.com/" referer="" error="" authtime="31" dnstime="2" cattime="122" avscantime="0" fullreqtime="240266938" device="1" auth="2" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" application="youtube" app-id="557"

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="216.58.192.14" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="11753" request="0xd2c46000" url="apis.google.com/.../proxy.html

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="74.125.239.137" user="test.student" ad_domain="DOMAIN" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xe1f6e800" url="gg.google.com/csi

2015:10:14-07:58:21 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.195" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="148659" request="0xec6b800" url="ssl.gstatic.com/" referer="" error="" authtime="19" dnstime="1" cattime="67" avscantime="0" fullreqtime="240105792" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:27 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.206" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5429" request="0xa1aa000" url="docs.google.com/" referer="" error="" authtime="23" dnstime="1" cattime="46" avscantime="0" fullreqtime="10112379" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="383" request="0xd667d800" url="www.google.com/url

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="298" request="0xd667d800" url="www.google.com/.../ServiceLogin

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.239.38.120" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="985" request="0xd7d6f800" url="accounts.youtube.com/" referer="" error="" authtime="27" dnstime="1" cattime="76" avscantime="0" fullreqtime="18701223" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size" overridecategory="1"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.25.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5119" request="0xcd4e000" url="content.googleapis.com/" referer="" error="" authtime="24" dnstime="1271" cattime="64" avscantime="0" fullreqtime="17532208" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.28.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="985" request="0xe07b9800" url="fonts.googleapis.com/" referer="" error="" authtime="31" dnstime="2" cattime="104" avscantime="0" fullreqtime="19457034" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.195" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5431" request="0xe4a81000" url="fonts.gstatic.com/" referer="" error="" authtime="30" dnstime="1360" cattime="113" avscantime="0" fullreqtime="18663674" device="1" auth="2" ua="" exceptions="" category="177" reputation="unverified" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.192.40" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="985" request="0xd9962000" url="ssl.google-analytics.com/" referer="" error="" authtime="29" dnstime="1" cattime="53" avscantime="0" fullreqtime="19455762" device="1" auth="2" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googanal" app-id="175"

Notice that blocking video.google.com stops the videos from loading even if the site remains accessible. It seems *some* of these sites are embedding videos from Google Drive... but it isn't just videos. There are lots of gaming sites like "newstudyhall" which are also immune to URL blocking, even with HTTPS scanning.

google-sites-example.zip

Reply

0 sea_administrator over 9 years ago

2015:10:14-07:54:58 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.103" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="142" request="0xd678d000" url="www.google.com/.../search

2015:10:14-07:55:00 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.103" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="2860" request="0xd678d000" url="www.google.com/.../gif"

2015:10:14-07:55:11 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="74.125.239.137" user="test.student" ad_domain="DOMAIN" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xccad1000" url="gg.google.com/csi

2015:10:14-07:55:11 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.103" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="176" request="0xd678d000" url="www.google.com/.../x-icon"

2015:10:14-07:55:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.206" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5430" request="0xd7d74800" url="sites.google.com/" referer="" error="" authtime="29" dnstime="1622" cattime="195332" avscantime="0" fullreqtime="17560243" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size"

2015:10:14-07:55:41 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.171.184" dstip="74.125.239.142" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="87190" request="0xd6e29800" url="safebrowsing.google.com/.../downloads

2015:10:14-07:58:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.25.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="6772" request="0xd1ff3800" url="translate.googleapis.com/" referer="" error="" authtime="31" dnstime="203" cattime="138" avscantime="0" fullreqtime="240141651" device="1" auth="2" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googtran" app-id="184"

2015:10:14-07:58:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.239.136" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="112585" request="0xd20f7000" url="clients4.google.com/" referer="" error="" authtime="18" dnstime="2" cattime="80" avscantime="0" fullreqtime="240466412" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="google" app-id="182"

2015:10:14-07:58:16 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.28.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="7241" request="0xc096800" url="fonts.googleapis.com/" referer="" error="" authtime="23" dnstime="774" cattime="49" avscantime="0" fullreqtime="240145955" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"

2015:10:14-07:58:17 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.239.38.120" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="35050" request="0xe1f6c000" url="accounts.youtube.com/" referer="" error="" authtime="30" dnstime="1" cattime="107" avscantime="0" fullreqtime="241093524" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size" overridecategory="1"

2015:10:14-07:58:17 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.239.158" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="23287" request="0xe0b3b800" url="ssl.google-analytics.com/" referer="" error="" authtime="24" dnstime="1" cattime="61" avscantime="0" fullreqtime="240783629" device="1" auth="2" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googanal" app-id="175"

2015:10:14-07:58:18 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.206" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="479903" request="0xd9962800" url="s.ytimg.com/" referer="" error="" authtime="32" dnstime="1440" cattime="97" avscantime="0" fullreqtime="240190302" device="1" auth="2" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" application="youtube" app-id="557"

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="383" request="0xd667d800" url="www.google.com/url

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="296" request="0xd667d800" url="www.google.com/.../ServiceLogin

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.198" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="6245" request="0xd5588000" url="static.doubleclick.net/" referer="" error="" authtime="29" dnstime="866" cattime="84" avscantime="0" fullreqtime="240080755" device="1" auth="2" ua="" exceptions="" category="154" reputation="unverified" categoryname="Web Ads" application="dblclick" app-id="812"

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="216.58.192.14" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5006" request="0xd2c46000" url="apis.google.com/.../preview

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="216.58.192.14" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="82871" request="0xd2c46000" url="apis.google.com/.../preview

2015:10:14-07:58:19 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.239.143" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="160191" request="0xc9461800" url="fonts.gstatic.com/" referer="" error="" authtime="23" dnstime="1275" cattime="87" avscantime="0" fullreqtime="243623548" device="1" auth="2" ua="" exceptions="" category="177" reputation="unverified" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.193" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="29466" request="0xd5448800" url="oauth.googleusercontent.com/" referer="" error="" authtime="28" dnstime="131" cattime="187" avscantime="0" fullreqtime="240067602" device="1" auth="2" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.192.46" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="20400" request="0xa094000" url="i.ytimg.com/" referer="" error="" authtime="31" dnstime="2" cattime="122" avscantime="0" fullreqtime="240266938" device="1" auth="2" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" application="youtube" app-id="557"

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="216.58.192.14" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="11753" request="0xd2c46000" url="apis.google.com/.../proxy.html

2015:10:14-07:58:20 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="74.125.239.137" user="test.student" ad_domain="DOMAIN" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xe1f6e800" url="gg.google.com/csi

2015:10:14-07:58:21 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.195" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="148659" request="0xec6b800" url="ssl.gstatic.com/" referer="" error="" authtime="19" dnstime="1" cattime="67" avscantime="0" fullreqtime="240105792" device="1" auth="2" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:27 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.206" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5429" request="0xa1aa000" url="docs.google.com/" referer="" error="" authtime="23" dnstime="1" cattime="46" avscantime="0" fullreqtime="10112379" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="383" request="0xd667d800" url="www.google.com/url

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.171.184" dstip="64.233.189.104" user="test.student" ad_domain="DOMAIN" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="298" request="0xd667d800" url="www.google.com/.../ServiceLogin

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.239.38.120" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="985" request="0xd7d6f800" url="accounts.youtube.com/" referer="" error="" authtime="27" dnstime="1" cattime="76" avscantime="0" fullreqtime="18701223" device="1" auth="2" ua="" exceptions="av,auth,content,url,ssl,certcheck,mime,cache,fileextension,size" overridecategory="1"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.25.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5119" request="0xcd4e000" url="content.googleapis.com/" referer="" error="" authtime="24" dnstime="1271" cattime="64" avscantime="0" fullreqtime="17532208" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="74.125.28.95" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="985" request="0xe07b9800" url="fonts.googleapis.com/" referer="" error="" authtime="31" dnstime="2" cattime="104" avscantime="0" fullreqtime="19457034" device="1" auth="2" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googapis" app-id="176"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.217.195" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="5431" request="0xe4a81000" url="fonts.gstatic.com/" referer="" error="" authtime="30" dnstime="1360" cattime="113" avscantime="0" fullreqtime="18663674" device="1" auth="2" ua="" exceptions="" category="177" reputation="unverified" categoryname="Content Server" application="google" app-id="182"

2015:10:14-07:58:37 ***X httpproxy[31380]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.171.184" dstip="216.58.192.40" user="test.student" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="985" request="0xd9962000" url="ssl.google-analytics.com/" referer="" error="" authtime="29" dnstime="1" cattime="53" avscantime="0" fullreqtime="19455762" device="1" auth="2" ua="" exceptions="" category="178" reputation="trusted" categoryname="Internet Services" application="googanal" app-id="175"

google-sites-example.zip

Children

No Data