Address Management Question

Hello all,

This may be a little hard to understand, not the subject but me trying to detail what I am asking, please be patient. Please also ignore any bad formatting as I copied this out of a Note Pad file I wrote and I manually broke the lines to keep it narrow.


By default under
Web access protection
HTTP, HTTPs
Address management
You choose to:

Allow access only to HTTP addresses in the list of allowed addresses.
What happens is all HTTP addresses are blocked except for the ones in
the list. I however noticed that all HTTPS sites are allowed even
though they are not in the list.

I wanted to block all sites except for what I want the users to have
access to. Example we are going to have cloud software where I work
within a year maybe, and I have the front desk computers blocked from getting
internet, they will need to have access to the cloud based software when we
get it.

I do not want any other sites HTTP or HTTPS to be available. This is a small
business with just 4 computers in the employee office and has no need for a
server or a full fledged proxy.

I called ESET support but was very tired and falling asleep by the time they
answered. They told me how to include SSL sites in the block list. I will show
you here what they told me. I just want to make sure I have it right. Then what
I am curious to know is, does anyone use these settings? If so how do they work
out? Do they cause any other issues?

See the information below on how to set this up.

Thanks.
Vince

To include HTTPS Sites in the Allow access only to HTTP addresses in the
list of allowed addresses do the following:
In the Antivirus and Spyware menu find Protocol filtering.
Go to the SSL section. Choose Always scan SSL protocol. Leave other option default.
Now go to Web access protection and choose HTTP,HTTPS.
In that section, choose the HTTPS Scanner filtering mode setup option, Choose
Use HTTPS protocol checking for applications marked as Internet browsers that use
selected ports. Leave the default ports.


Now all HTTPS Pages not in the allowed list will not be accessible.

 

1, blocking of HTTPS is only possible with HTTPS scanning enabled due to traffic encryption.
2, you can make general exceptions by adding the asterisk * to the list of blocked addresses and add the desired exceptions to the whitelist.

 

Marcos,
Thanks for the reply.

Let me see if I understand this. Unlike what ESET support stated, that I would need to enable HTTPS Scanning, are you telling me that I can add HTTPS* to the list of blocked addresses and masks, then add for example HTTPS://www.anysecuresite.com to the allowed list and this would set me up so all HTTPS sites except for the ones included in the list of allowed sites will be blocked?

 

As I wrote, SSL must be enabled in order for HTTPS sites to be manageable via BL/WL. So basically what you'd need to do is enable SSL filtering and then add HTTP* to the list of blocked addresses (or simply add *) and add the addresses you want to make accessible to the list of allowed addresses.

 

Ok Great, I misunderstood, I thought you had a work around that I could use without enabling SSL Filtering. So the way ESET told me to do it which I tested to work ok should be just fine?

Just one last little bit of info about this.

Will I notice any difference in system performance with SSL Filter enabled other than what I notice on standard HTTP sites with SSL disabled?

That's it.
Thanks

 

Scanning of any files/traffic has always certain impact on the performance. I presume you shouldn't notice any slowdown, but I'd suggest you test it yourself to make sure.

 

Thanks for your help on this, I am sure this is how I will do things when time comes. I was testing it on my test machine that is less than one gig processor and 256mb ram running XPPro and testing over Wi-Fi. No big noticeable difference. Can't see that I would even notice any difference on the better machines with Fios hard wired.

I will try to do the filtering with this program first because I can not see how it would be any slower than running everything through a proxy server.

Thanks

 

if you'll pardon may intrusion in this thread, I thought that my question would be in the same backyard with the topic

so, it goes..
program help states that one can use wildcard entries in the 'blocked addresses/masks' list with replacement characters '*' & '?'
could there be also used some other replacement characters, like the ones in the list on this link:

http://moinmaster.wikiwikiweb.de/BadContent
​

also, is it possible to use IP entries with specified ports, like in following list:
http://www.workingproxies.org/plain-text




10x 4 ur time
greetz

 

Sorry, I was not clear. By wildcards I actually meant only the asterisk *.
Your first link refers to regular expressions in general, not wildcards.
As for blocking ports, this can be accomplished by the firewall in ESET Smart Security by creating the desired blocking/allowing rules.