Secure web sites doesn't work with "Allowed Sites"

Post your questions and problem reports here

Secure web sites doesn't work with "Allowed Sites"

Postby kollo » Mon Dec 22, 2008 11:59 pm

I have trouble getting the "Allowed Sites" feature to work with secure web sites (https, port 443). I use version 3.51 and Ithink it used to work in the previous version I had installed (3.41) by apppending :443 to the site name in the list allowed sites. This doesn't work in 3.51 and no matter what syntax I try I cannot get it to work.

Are secure web sites supported by "Allowed Sites"? If not can you please add support for it?

Kollo
kollo
 
Posts: 18
Joined: Sat Sep 22, 2007 1:33 pm

Re: Secure web sites doesn't work with "Allowed Sites"

Postby Karlis » Fri Jan 02, 2009 9:55 pm

You must go to "Allowed Services" and check - "Secure Web Pages". You can allow/block all secure websites, but not separate ones, because secure websites are acccessed via secure connection which means *nobody* not even iNet Protector can check what data flows, it just knows it is secure or not. So there is no way to filter these.

There is a workaround - you can also allow some secure sites by allowing their IPs (if you know what is an IP and how to obtain it).
Karlis Blumentals
Blumentals Software
www.blumentals.net
User avatar
Karlis
Site Admin
 
Posts: 3598
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe

Re: Secure web sites doesn't work with "Allowed Sites"

Postby kollo » Tue Jan 06, 2009 12:21 am

Are you saying that iNet Protector doesn't see the address of a secure web site but can see the IP of it? That doesn't make sense to me. If you have the IP you can do a reverse lookup and get the address of the site.

I understand it is not possible to filter secure web sites for specific words but filtering by address shouldn't be a problem, right?

Kollo
kollo
 
Posts: 18
Joined: Sat Sep 22, 2007 1:33 pm

Re: Secure web sites doesn't work with "Allowed Sites"

Postby Karlis » Wed Jan 07, 2009 9:28 pm

Are you saying that iNet Protector doesn't see the address of a secure web site but can see the IP of it? That doesn't make sense to me. If you have the IP you can do a reverse lookup and get the address of the site.

Yes, two reasons:

1) IP filter applies to all traffic and it does not check the actual dataflow. Once IP is in the allowed list, any connection to this IP is allowed. Website filter, however, only checks web browsing traffic - it can see what website address has been requested (it does not care whether such site exists, it just sees what the user has reqquested). And with secure web browsing traffic you can not see what data the user has requested or sent.

2) The reverse lookup can not be used here, because no delay is acceptable and this lookup will take time. If used, it would slow down all internet programs, because time is reqquired to lookup domain name. Also any IP can have thousands of different domains mapped, so clearly reverse lookup is not a solution to this problem.
Karlis Blumentals
Blumentals Software
www.blumentals.net
User avatar
Karlis
Site Admin
 
Posts: 3598
Joined: Mon Jul 15, 2002 5:24 pm
Location: Riga, Latvia, Europe


Return to iNet Protector Support

Who is online

Users browsing this forum: No registered users and 9 guests