Address Management Question

Discussion in 'ESET NOD32 Antivirus' started by Ohdarn, Mar 30, 2010.

Thread Status:
Not open for further replies.
  1. Ohdarn

    Ohdarn Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    35
    Hello all,

    This may be a little hard to understand, not the subject but me trying to detail what I am asking, please be patient. Please also ignore any bad formatting as I copied this out of a Note Pad file I wrote and I manually broke the lines to keep it narrow.


    By default under
    Web access protection
    HTTP, HTTPs
    Address management
    You choose to:

    Allow access only to HTTP addresses in the list of allowed addresses.
    What happens is all HTTP addresses are blocked except for the ones in
    the list. I however noticed that all HTTPS sites are allowed even
    though they are not in the list.

    I wanted to block all sites except for what I want the users to have
    access to. Example we are going to have cloud software where I work
    within a year maybe, and I have the front desk computers blocked from getting
    internet, they will need to have access to the cloud based software when we
    get it.

    I do not want any other sites HTTP or HTTPS to be available. This is a small
    business with just 4 computers in the employee office and has no need for a
    server or a full fledged proxy.

    I called ESET support but was very tired and falling asleep by the time they
    answered. They told me how to include SSL sites in the block list. I will show
    you here what they told me. I just want to make sure I have it right. Then what
    I am curious to know is, does anyone use these settings? If so how do they work
    out? Do they cause any other issues?

    See the information below on how to set this up.

    Thanks.
    Vince

    To include HTTPS Sites in the Allow access only to HTTP addresses in the
    list of allowed addresses do the following:
    In the Antivirus and Spyware menu find Protocol filtering.
    Go to the SSL section. Choose Always scan SSL protocol. Leave other option default.
    Now go to Web access protection and choose HTTP,HTTPS.
    In that section, choose the HTTPS Scanner filtering mode setup option, Choose
    Use HTTPS protocol checking for applications marked as Internet browsers that use
    selected ports. Leave the default ports.


    Now all HTTPS Pages not in the allowed list will not be accessible.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    1, blocking of HTTPS is only possible with HTTPS scanning enabled due to traffic encryption.
    2, you can make general exceptions by adding the asterisk * to the list of blocked addresses and add the desired exceptions to the whitelist.
     
  3. Ohdarn

    Ohdarn Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    35
    Marcos,
    Thanks for the reply.

    Let me see if I understand this. Unlike what ESET support stated, that I would need to enable HTTPS Scanning, are you telling me that I can add HTTPS* to the list of blocked addresses and masks, then add for example HTTPS://www.anysecuresite.com to the allowed list and this would set me up so all HTTPS sites except for the ones included in the list of allowed sites will be blocked?
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    As I wrote, SSL must be enabled in order for HTTPS sites to be manageable via BL/WL. So basically what you'd need to do is enable SSL filtering and then add HTTP* to the list of blocked addresses (or simply add *) and add the addresses you want to make accessible to the list of allowed addresses.
     
  5. Ohdarn

    Ohdarn Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    35
    Ok Great, I misunderstood, I thought you had a work around that I could use without enabling SSL Filtering. So the way ESET told me to do it which I tested to work ok should be just fine?

    Just one last little bit of info about this.

    Will I notice any difference in system performance with SSL Filter enabled other than what I notice on standard HTTP sites with SSL disabled?

    That's it.
    Thanks
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Scanning of any files/traffic has always certain impact on the performance. I presume you shouldn't notice any slowdown, but I'd suggest you test it yourself to make sure.
     
  7. Ohdarn

    Ohdarn Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    35
    Thanks for your help on this, I am sure this is how I will do things when time comes. I was testing it on my test machine that is less than one gig processor and 256mb ram running XPPro and testing over Wi-Fi. No big noticeable difference. Can't see that I would even notice any difference on the better machines with Fios hard wired.

    I will try to do the filtering with this program first because I can not see how it would be any slower than running everything through a proxy server.

    Thanks
     
  8. HUD

    HUD Registered Member

    Joined:
    Jun 4, 2009
    Posts:
    2
    Location:
    Belgrade, Serbia
    if you'll pardon may intrusion in this thread, I thought that my question would be in the same backyard with the topic

    so, it goes..
    program help states that one can use wildcard entries in the 'blocked addresses/masks' list with replacement characters '*' & '?'
    could there be also used some other replacement characters, like the ones in the list on this link:

    also, is it possible to use IP entries with specified ports, like in following list:
    http://www.workingproxies.org/plain-text




    10x 4 ur time :)
    greetz
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sorry, I was not clear. By wildcards I actually meant only the asterisk *.
    Your first link refers to regular expressions in general, not wildcards.
    As for blocking ports, this can be accomplished by the firewall in ESET Smart Security by creating the desired blocking/allowing rules.
     
Thread Status:
Not open for further replies.