Author Topic: HTTPS URL website blocking not working  (Read 5321 times)


peter@eurocom-solutions.co.uk

  • Guest
HTTPS URL website blocking not working
« on: July 17, 2015, 03:41:53 PM »
Hi All,

I have been testing the webshield site blocking feature. While this does block HTTP URLs it does not appear to block HTTPS no matter what format or wildcard settings I put in the site blocking page. Note: I am changing this in a template on the portal although doing a change in the client also makes no difference.

I also note that on the portal under Settings template ➡ Windows Server ➡ Web Shield I have an enable tick box for HTTPS scanning but no such tick box exists on the client.

Is the HTTPS scanning feature still to be implemented in the client or is this just a bug that is known and will be fixed at a later date?

If there is a way to block HTTPS URLs, can you enlighten me as to how?

Thanks in advance.

- Peter

Offline Jeff.S

  • Moderator
  • Jr. Member
  • *
  • Posts: 82
Re: HTTPS URL website blocking not working
« Reply #1 on: July 21, 2015, 03:39:29 PM »
Hi,

When excluding a site, try adding the exclusion in this format: *facebook*. It should then block anything with "facebook" in the name. There are issues with Twitter that we are aware of, in that it doesn't block the entire site but renders it useless for the most part.

Let me know if you have further questions or issues.


Thanks!


Jeff

peter@eurocom-solutions.co.uk

  • Guest
Re: HTTPS URL website blocking not working
« Reply #2 on: July 21, 2015, 05:11:37 PM »
As I explained in my original post I have tried all combinations of wildcard formats and none stop HTTPS site access. The same wildcard formats do stop HTTP sites so this is an issue with HTTPS connections, hence my query whether this feature has been implemented in the client yet.

- Peter

Offline Jeff.S

  • Moderator
  • Jr. Member
  • *
  • Posts: 82
Re: HTTPS URL website blocking not working
« Reply #3 on: August 03, 2015, 04:06:07 PM »
Hi,

What browser are you using? Make sure when you add the exception in the portal it's populating on the local client(s).
There is an issue with HTTPS sites but as shown in the screen shot attached, I have had success with the *sitename* format.
Is there a specific site that you are trying to block that's not working?
For Facebook, I tested this in Chrome, Firefox and IE and all 3 blocked Facebook.

If you can let me know some specifics as far as browser, version and site(s) you are having issues with, we will take a look and see if we can come up with something that will work for you.

Thanks!

Jeff


peter@visualtouchpos.com

  • Guest
Re: HTTPS URL website blocking not working
« Reply #4 on: August 10, 2015, 06:34:31 PM »
I think the issue here is that when you block *facebook* in the portal, http://*facebook* is saved to the client.




peter@eurocom-solutions.co.uk

  • Guest
Re: HTTPS URL website blocking not working
« Reply #5 on: August 11, 2015, 11:37:12 AM »
Hi Jeff,

Thanks for your reply... Having been away for a few weeks I looked at this issue again to get the information you asked for. Having started my test system, which had been off while I was away, and having made no changes to the portal or client settings, I tried accessing some of the sites in my block list and to my surprise it was now blocking the https sites.

I don't know whether it was a reboot or some other change / client update but the client is now blocking the https sites listed.

For your information I was testing with IE9+ and Firefox 38 and 39. I always made sure the client had been updated with any changes I made on the portal prior to testing the blocking.

I had the following site blocking entries...

On portal:
*.facebook.*
https//*.facebook.*
http://*.facebook.*
www.msn.com*
https://www.msn.com

Which resulted in the following entries in the client
http://*.facebook.*
https//*.facebook.*
http://*.facebook.*
http://www.msn.com*
https://www.msn.com

I can confirm Peter313's observation that entries in the portal without http or https are being sent to the client, or being interpreted by the client, as http://. However, this is not the cause of my issue as I have specifically added https:// entries for testing.

I will continue my testing with adding more sites to block to see if I can identify what actions may be needed (i.e. a reboot) before https entries in the portal are blocked by the client.

This has highlighted one issue that the portal or client defaults any entry without http or https as http only rather than what I would expect to happen that not specifying http or https should cause both to be blocked. Perhaps that is something you can pass back to the developers for comment / action.

- Peter
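
An added example, not part of the original posts and not Avast code: a small Python audit of a block list for the scheme-defaulting behaviour described in this thread. It reports patterns that have no `https://` entry, flags entries whose scheme prefix is broken, and shows scheme-less entries expanded to both schemes as the poster expected; all function names are hypothetical, and it does not model how the client actually matches URLs.

```python
import re

# Client-side entries exactly as listed in the post above.
CLIENT_ENTRIES = [
    "http://*.facebook.*",
    "https//*.facebook.*",
    "http://*.facebook.*",
    "http://www.msn.com*",
    "https://www.msn.com",
]

_SCHEME = re.compile(r"^(https?)://(.*)$", re.IGNORECASE)
_BROKEN = re.compile(r"^https?[:/]", re.IGNORECASE)  # looks like a scheme, lacks "://"


def split_entry(entry):
    """Return (scheme, pattern); scheme is 'http', 'https', 'malformed' or None."""
    m = _SCHEME.match(entry)
    if m:
        return m.group(1).lower(), m.group(2)
    if _BROKEN.match(entry):
        return "malformed", entry
    return None, entry


def expand(entry):
    """Expand a scheme-less entry to both schemes; leave other entries unchanged."""
    scheme, pattern = split_entry(entry)
    if scheme is None:
        return [f"http://{pattern}", f"https://{pattern}"]
    return [entry]


def audit(entries):
    """Return (patterns with no https:// entry, entries with a broken scheme)."""
    coverage, malformed = {}, []
    for entry in entries:
        scheme, pattern = split_entry(entry)
        if scheme == "malformed":
            malformed.append(entry)
            continue
        schemes = coverage.setdefault(pattern, set())
        if scheme is not None:
            schemes.add(scheme)
    missing_https = sorted(p for p, s in coverage.items() if "https" not in s)
    return missing_https, malformed


if __name__ == "__main__":
    print(audit(CLIENT_ENTRIES))
    print(expand("*.facebook.*"))
```
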

peter@eurocom-solutions.co.uk

  • Guest
Re: HTTPS URL website blocking not working
« Reply #6 on: August 14, 2015, 11:09:36 AM »
Hi Jeff,

I have confirmed that my failure to block HTTPS sites is related to Windows Server 2003 as it always gets blocked on Windows Server 2012. Both systems are using the same template so it's not a config error.

See https://forum.avast.com/index.php?topic=175110.0 for another issue related to HTTPS blocking on XP/2003.

Seems the HTTPS / SSL scanning is broken when running avast client on XP or Win2K3.

- Peter

Offline Zeniit

  • Beta Tester
  • Jr. Member
  • **
  • Posts: 57
Re: HTTPS URL website blocking not working
« Reply #7 on: August 14, 2015, 09:51:26 PM »
Windows XP with SP2?
Windows 7 Pro 64bit -  Avast IS BETA channel - Firefox 47.0.1 x64 - Thunderbird 45.2 - avast! mobile security