Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 4 subscribers
  • Views 14022 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

log shows blocking but still able to access website

RobertPierce1

Looking for a little help with Web Protection.  My youngest son is ADDICTED to youtube and I've tried a million different ways to block it without breaking a ton of other Google apps.  UTM offers the most promising solution.

I thought things were working well.  I've configured policy based routing on my firewall to push port 80/443 traffic to my UTM which is filtering in transparent mode.  I have streaming media blocked and even configured a specific block for youtube.com,ytimg.com,ytimg.l.google.com, youtube.l.google.com and googlevideo.com based on a post I fond on one of the forums.

If I use the policy test tool, UTM tells me that is www.youtube.com is blocked.  Yet, I keep finding my kids computer running youtube.  I close their browser, reopen it and go to youtube, and it's blocked.  Then, they're back on it again...  This morning, I flushed all the open sessions from my firewall then went in where they had it opened and clicked on a few video links which all opened up.  Simultaneously, I watched the live log which reported the links as being blocked (two of the logs below):

2016:08:26-08:36:29 nanny httpproxy[5792]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="CONNECT" srcip="192.168.127.197" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3094" request="0x9de99800" url="https://s.youtube.com/" referer="" error="" authtime="0" dnstime="0" cattime="206417" avscantime="0" fullreqtime="458026" device="0" auth="0" ua="" exceptions=""
2016:08:26-08:36:41 nanny httpproxy[5792]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="CONNECT" srcip="192.168.127.197" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3132" request="0x9de36a00" url="r5---sn-n4v7sn76.googlevideo.com/" referer="" error="" authtime="0" dnstime="0" cattime="210478" avscantime="0" fullreqtime="425865" device="0" auth="0" ua="" exceptions=""
I do have exceptions for Netflix and a bunch of other services, but the log clearly shows that the traffic should be blocked, but it's just not happening...  I'm at a total loss.


This thread was automatically locked due to age.
Parents
  • 0

    Unfortunately youtube is probably the most common site that people want to get around the blocking of.  Google "unblock youtube" and you will find dozens of sites that proxy to youtube.  So although s.youtube.com is blocked they are getting through via unblockyoutube.co.uk or one of many other sites.  If you open youtube.com and it is blocked but he is opening (something?) and it is allowed then he could be going through a site like that.

    First thing to do would be to make sure you are scanning HTTPS.  Then watch the logs for all actions around the access he is doing.  You'll then begin the game of "wack-a-mole" in earnest.

    Unfortunately the fact is that you do not have a technical problem.  You have a social problem.  You have a son which is defying your restrictions.  Putting extra locks on won't help.  If your kid was drinking your booze the solution is not to put a lock on the liquor cabinet.  My son is too young to encounter this yet but I fear the day....

    Perhaps on next violation there is no internet connected devices allowed in his room overnight for the next week?

Reply
  • 0

    Unfortunately youtube is probably the most common site that people want to get around the blocking of.  Google "unblock youtube" and you will find dozens of sites that proxy to youtube.  So although s.youtube.com is blocked they are getting through via unblockyoutube.co.uk or one of many other sites.  If you open youtube.com and it is blocked but he is opening (something?) and it is allowed then he could be going through a site like that.

    First thing to do would be to make sure you are scanning HTTPS.  Then watch the logs for all actions around the access he is doing.  You'll then begin the game of "wack-a-mole" in earnest.

    Unfortunately the fact is that you do not have a technical problem.  You have a social problem.  You have a son which is defying your restrictions.  Putting extra locks on won't help.  If your kid was drinking your booze the solution is not to put a lock on the liquor cabinet.  My son is too young to encounter this yet but I fear the day....

    Perhaps on next violation there is no internet connected devices allowed in his room overnight for the next week?

Children
No Data
Unfiltered HTML