In-addr; how I can unblock

webfilter
v7

(Christian Plaza) #1

How can I unblock this category in-addr? When I put an IP address I cannot go…

Thanks.


(Marc) #2

It’s the option “Block access to web sites using ip address”


(Filippo Carletti) #3

@dnutan what do you think about removing that “Block access to web sites using ip address” option completely?
It was born as a way to stop malware that connected using IP addresses, but malware evolves rapidly and, while I don’t have actual stats, I think that it is no longer effective.
On the other hand, the transparent SSL proxy uses CONNECT to IP addresses and can be affected if this option is on.
Finally, it “confuses” sysadmins like @kristian1369.

We could leave the feature in the code, making it possible to enable it from the command line, removing only the checkbox from the interface.


(Michael Träumner) #4

What do you think about setting the checkbox as unselected after installation? That way the administrator definitely knows about it if he has activated it. But please don’t change its status for already installed versions, or give a hint with a banner after the update.


(Marc) #5

I’m not using proxy/webfilter but agree on not removing this feature, as then the proxy could be bypassed using IP addresses. I’d keep the checkbox.

Would it make any sense to allow local network IPs but block public IPs?


(Giacomo Sanchietti) #6

I agree with this approach: do not remove the option, only change the default inside the UI.

AFAIK it is not possible with ufdbguard unless you write very complex rules. IMHO it isn’t worth it.
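
Added example, not part of the thread and not the project's or ufdbguard's own code: a stand-alone Python illustration of the policy asked about in #5, where requests to IP literals inside the local networks skip the filter, IP literals elsewhere are blocked, and hostnames go on to category filtering. The network list, function names and verdict strings are assumptions made for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed local (green/blue) networks; constructed sample values.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]


def host_of(target):
    """Return the host of a proxy request target.

    Accepts an absolute URL ("http://host/path") or the CONNECT form
    ("host:port", "[v6-literal]:port") used for tunnelled TLS.
    """
    if "://" not in target:
        target = "//" + target  # let urlsplit parse host:port as a netloc
    return urlsplit(target).hostname or ""


def decide(target):
    """Classify a request: 'bypass', 'block' or 'filter'."""
    host = host_of(target)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: an ordinary hostname, leave it to the
        # category-based filter.
        return "filter"
    # An IPv4-mapped IPv6 literal (::ffff:a.b.c.d) reaches the same host as
    # the plain IPv4 address, so it is judged as that IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip in net for net in LOCAL_NETS):
        return "bypass"  # local address: no filtering needed
    return "block"       # public address used instead of a name


if __name__ == "__main__":
    # Constructed sample requests.
    for t in ("http://192.168.1.10/admin", "203.0.113.7:443",
              "https://www.example.org/", "[2001:db8::1]:443",
              "http://[::ffff:192.168.1.10]/"):
        print(f"{t:35} -> {decide(t)}")
```
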


(Craig) #7

Content filters shouldn’t ever be filtering internal addresses. It usually adds overhead to the content filter that isn’t needed.

I don’t know much about the squid to ufdbguard communication, but would it be possible to just not have squid send over the redirect?


(Giacomo Sanchietti) #8

You’re right, it’s already implemented like you said, but only for well-known networks:


(Michael Träumner) #9

@kristian1369 Did you solve your problem?


(Craig) #10

By that script @kristian1369 shouldn’t be seeing a block if the 192.168.1.0 is in the green or blue networks.