Web filtering with DrWeb11 under Rosa Linux 2016 is not working .... by example - if social networks are blocked i still can contact FB, VK ... - also putting these sites to the blacklist does not bring any results
DrWeb11-RosaLinux2016KDE- Web Filter not working
#1
Отправлено 04 Март 2019 - 10:28
#2
Отправлено 04 Март 2019 - 10:35
i still can contact FB, VK
through http or https?
#3
Отправлено 04 Март 2019 - 10:48
i am not sure - SSL/TLS interception is not acitavted - i was not able to get it working with thunderbird - root cert is installed but i still was not able to connect to google mail services - so i deactivated this feature - because i don´t know how the prebuilt filters are done within DrWeb i cannot answer your question in a better way
#4
Отправлено 04 Март 2019 - 11:55
SSL/TLS interception is not acitavted
So, you can contact FB, VK via https
#5
Отправлено 04 Март 2019 - 12:16
Dear "Dr.Web Staff" :-)
- yes, it´s possible both ways - in the meantime i "tripple-checked" with:
Chromium (Version 71.0.3578.98 (Сборка ROSA) ROSA 2016.1 (64-Bit)), Firefox 64.0.2 and my favourite browser Vivaldi (2.3.1440.48 (Stable channel) (64-Bit))
Thunderbird is 52.9.1
Both root certs are installed (For Mozilla Firefox and Thunderbird) also in Chromium.
I have also made a check with SSL/TLS enabled and disabled in Dr. Web - no difference at all - the adresses in the blacklist are both http and https
For your additional information: i work with Kernel 4.15 on an AMD
Thank you for your time!
#6
Отправлено 04 Март 2019 - 13:48
Sorry, quickly I tried to reproduce your problem only on ROSA Desktop Fresh R9 release 2016.1 for i586 (kernel 4.9.20) with Firefox firefox-52.0.2-1.
As you can see, in this case we can block sites with https.
You can read how to configure product here
Прикрепленные файлы:
Сообщение было изменено Igorn: 04 Март 2019 - 13:49
#7
Отправлено 04 Март 2019 - 17:01
Dear Igorn, same settings here in Rosa R10 - BUT in reality the result does not work - please see at the images - kinds regards, TP
#8
Отправлено 05 Март 2019 - 09:25
Sorry - here are the actual screenshots - any clues?
Прикрепленные файлы:
#9
Отправлено 05 Март 2019 - 09:58
Please, show output of the following commands:
#drweb-ctl li -d
#drweb-ctl ap
#drweb-ctl cfshow linuxfirewall
#drweb-ctl -v
Сообщение было изменено Igorn: 05 Март 2019 - 10:00
#10
Отправлено 05 Март 2019 - 11:12
#11
Отправлено 05 Март 2019 - 11:48
LinuxFirewall.UnwrapSsl = No
First of all, change it to "Yes" (for example, via settings in drweb-gui)
#12
Отправлено 05 Март 2019 - 11:58
#13
Отправлено 05 Март 2019 - 14:07
On your screenshot I see green lock. Compare with my screenshot - there's yellow lock (because browser uses our certificate).
Maybe, you did not add our certificate то browser.
For adding it, use settings "Network" in drweb-gui (read "Details" there)
After that, restart your Firefox.
Прикрепленные файлы:
Сообщение было изменено Igorn: 05 Март 2019 - 14:22
#14
Отправлено 05 Март 2019 - 15:37
Dear Igor,
unfortunately i did - very strange - so pleae have a look, cert storage for Firefox and Chromium ...
Прикрепленные файлы:
#15
Отправлено 05 Март 2019 - 15:47
Just to add: tested the antivirus functionality with EICAR - works fine, immediate detection after download -
http://2016.eicar.org/86-0-Intended-use.html
#16
Отправлено 05 Март 2019 - 15:56
immediate detection after download
- If detection works AFTER download - so SpIDer Guard detectes it.
http://2016.eicar.org/86-0-Intended-use.html
- here is a link to http
#17
Отправлено 05 Март 2019 - 19:24
That´s what i´ve said ... in the meantime i got the error message 102 - i restarted the webgate as mentioned - immediatly i got a certificate warning in Mozilla Thunderbird and all the complete internet access was blocked - so i restarted the machine again and now it seems to work again except that blocking feature.
#18
Отправлено 06 Март 2019 - 14:47
Try to do follows
1. close all Firefox windows
2. temporary switch off SpIDer Guard
3 switch on SpIDer Gate and option "check ssl/tls"
4. run in console:
$ wget https://secure.eicar.org/eicar.com--no-check-certificate
SpIDer Gate works if you see:
--2019-03-06 10:28:45-- https://secure.eicar.org/eicar.com
Resolving secure.eicar.org... 213.211.198.58
Connecting to secure.eicar.org|213.211.198.58|:443... connected.
WARNING: cannot verify secure.eicar.org's certificate, issued by ‘CN=SpIDer Gate Untrusted Root Certificate,OU=SpIDer Gate,O=DrWeb,L=Moscow,C=RU’:
Unable to locally verify the issuer's authority.
HTTP request sent, awaiting response... 403 Blocked by SpIDer Gate
2019-03-06 10:28:45 ERROR 403: Blocked by SpIDer Gate.
- show your output
5. start Firefox, then open New Private Window
In this window try to open https://www.facebook.com
Show the screenshot of this window
6. if the site opens, additionally, show a screenshot with information about the certificate used on this site (click on lock -> show certificate)
Сообщение было изменено Igorn: 06 Март 2019 - 14:49
#19
Отправлено 06 Март 2019 - 18:34
$ wget https://secure.eicar.org/eicar.com--no-check-certificate
Sorry, use
$ wget https://secure.eicar.org/eicar.com --no-check-certificate
Сообщение было изменено Igorn: 06 Март 2019 - 18:34
#20
Отправлено 06 Март 2019 - 21:56
Dear Igor - the Virus detection is fine - i didn´t see the same result in the console but i got the warning / detection message from DrWeb - it´s also documented in the "Virus-Quarantäne" - it did the same regarding the web filter - still the same - it is not working, please see the result
Прикрепленные файлы:
Читают тему: 1
0 пользователей, 1 гостей, 0 скрытых