log shows blocking but still able to access website

Looking for a little help with Web Protection.  My youngest son is ADDICTED to youtube and I've tried a million different ways to block it without breaking a ton of other Google apps.  UTM offers the most promising solution.

I thought things were working well. I've configured policy based routing on my firewall to push port 80/443 traffic to my UTM which is filtering in transparent mode. I have streaming media blocked and even configured a specific block for youtube.com, ytimg.com, ytimg.l.google.com, youtube.l.google.com and googlevideo.com based on a post I found on one of the forums.

If I use the policy test tool, UTM tells me that www.youtube.com is blocked. Yet, I keep finding my kids' computer running youtube. I close their browser, reopen it and go to youtube, and it's blocked. Then, they're back on it again... This morning, I flushed all the open sessions from my firewall then went in where they had it opened and clicked on a few video links which all opened up. Simultaneously, I watched the live log which reported the links as being blocked (two of the logs below):

2016:08:26-08:36:29 nanny httpproxy[5792]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="CONNECT" srcip="192.168.127.197" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3094" request="0x9de99800" url="https://s.youtube.com/" referer="" error="" authtime="0" dnstime="0" cattime="206417" avscantime="0" fullreqtime="458026" device="0" auth="0" ua="" exceptions=""
2016:08:26-08:36:41 nanny httpproxy[5792]: id="0062" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="CONNECT" srcip="192.168.127.197" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3132" request="0x9de36a00" url="r5---sn-n4v7sn76.googlevideo.com/" referer="" error="" authtime="0" dnstime="0" cattime="210478" avscantime="0" fullreqtime="425865" device="0" auth="0" ua="" exceptions=""

I do have exceptions for Netflix and a bunch of other services, but the log clearly shows that the traffic should be blocked, but it's just not happening...  I'm at a total loss.


This thread was automatically locked due to age.
  • Possibly that particular site is blocked but there are others that don't appear to be on your block list such as www.youtu.be

    As others have mentioned he could be using a proxy or even a VPN.

    Blacklisting specific sites that are manually entered is very easy to bypass. Maybe you block youtube, but when to stop browsing Vimeo?

    So have you thought about blocking whole categories such as "streaming media"?
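
One way to check the reply's point against the live log, as an added example that is not part of the original thread: parse the httpproxy `key="value"` fields and, per client IP, separate hosts that were blocked from hosts that passed while on the quoted block list and hosts that passed because the list does not cover them. The sample lines are constructed and abbreviated (the first two reuse the hosts from the post; the `action="pass"` lines and the `.50` client are assumptions for illustration).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Block list exactly as quoted in the original post.
BLOCK_LIST = ("youtube.com", "ytimg.com", "ytimg.l.google.com",
              "youtube.l.google.com", "googlevideo.com")
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: abbreviated lines in the httpproxy key="value" format.
# The action="pass" lines and the .50 client are made up for illustration.
SAMPLE_LOG = """\
2016:08:26-08:36:29 nanny httpproxy[5792]: id="0062" action="block" method="CONNECT" srcip="192.168.127.197" url="https://s.youtube.com/" exceptions=""
2016:08:26-08:36:41 nanny httpproxy[5792]: id="0062" action="block" method="CONNECT" srcip="192.168.127.197" url="r5---sn-n4v7sn76.googlevideo.com/" exceptions=""
2016:08:26-08:37:02 nanny httpproxy[5792]: action="pass" method="CONNECT" srcip="192.168.127.197" url="https://www.youtu.be/" exceptions=""
2016:08:26-08:37:10 nanny httpproxy[5792]: action="pass" method="GET" srcip="192.168.127.50" url="http://www.youtube.com/watch" exceptions=""
"""

def host_of(url):
    """Host of the url field; some CONNECT entries carry no scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def on_block_list(host):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in BLOCK_LIST)

def summarize(log_text):
    """Per client IP, bucket requested hosts by proxy action and list coverage."""
    report = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if "url" not in f or "srcip" not in f:
            continue  # not a web request line
        host = host_of(f["url"])
        if f.get("action") == "block":
            bucket = "blocked"
        elif on_block_list(host):
            bucket = "passed_but_listed"   # check exceptions and profile match
        else:
            bucket = "passed_unlisted"     # candidate gap in the block list
        report[f["srcip"]][bucket].add(host)
    return report

if __name__ == "__main__":
    for ip, buckets in summarize(SAMPLE_LOG).items():
        for name, hosts in sorted(buckets.items()):
            print(ip, name, sorted(hosts))
```

Hosts in `passed_unlisted` show where a manually entered list falls short and a category block would be needed; hosts in `passed_but_listed` point at an exception or a client that a different profile is handling.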
