DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Users can bypass Web Content Filter

  • wyseman
  • Topic Author
  • Offline
  • New Member
  • New Member
More
14 Jan 2012 10:16 #70756 by wyseman
Users can bypass Web Content Filter was created by wyseman
I have a Vigor 2950 with firmware version 3.3.0. I have enabled the Web Content Filter and purchased the Commtouch Web-Filter license. I block most non-business related websites by genre, including things like Social Networking.

I have recently discovered that users can often bypass the Web Content Filter simply by hitting Refresh in their web browser a few times. It's a little hit-and-miss, sometimes it takes just a few clicks and sometimes it takes 20 clicks but all PCs that I have tested it on have the same problem.

I have isolated the router from my network and connected it to a single PC and can't reproduce the problem, suggesting that it is my network at fault and not the router, but I wondered if anybody else had experienced this or anybody had any suggestions as to what might be causing it.

Please Log in or Create an account to join the conversation.

More
16 Jan 2012 16:14 #70800 by ultranixjah
Replied by ultranixjah on topic Re: Users can bypass Web Content Filter
have you enabled logging? Maybe with the fast refresh it is causing a timeout checking the URL with the online service which will default to PASS the url.

You could also try changing the setting so that default behaviour if it can't reach the server is to BLOCK the url and see if the problem stops.

Be interested to hear your findings!!

Please Log in or Create an account to join the conversation.

More
17 Jan 2012 11:13 #70811 by j03y
Replied by j03y on topic Re: Users can bypass Web Content Filter
Ultranixjah is on the ball. If it's anything like the 2820s you have an option "enable strict security setting" under Firewall > General Setup. If you don't have this enabled and you are getting lots of traffic the router will pass the URL if it doesn't have the resources to check the request. Try enabling that option, if you have it, and test carefully.

In addition to this the 2820s have an option under CSM > Web Content Filter Profile for the cache. By default this is set to off I believe but try enabling "L1 + L2 cache" if it exists. This caches the result of the rule it just passed or failed for a brief second and might just help you keep performance up.

Might need to dig out a copy of the manual. Good luck!

Please Log in or Create an account to join the conversation.

  • wyseman
  • Topic Author
  • Offline
  • New Member
  • New Member
More
21 Jan 2012 17:16 #70872 by wyseman
Replied by wyseman on topic Re: Users can bypass Web Content Filter

ultranixjah wrote: have you enabled logging? Maybe with the fast refresh it is causing a timeout checking the URL with the online service which will default to PASS the url.

You could also try changing the setting so that default behaviour if it can't reach the server is to BLOCK the url and see if the problem stops.

Be interested to hear your findings!!



I've been in contact with SEG Communications, who supplied me the router, and they have looked at log files, since I don't understand them. The same thought had crossed my mind, since there are times when I can't reproduce the problem, like a cold, wet Saturday afternoon in January when nobody else is in, so I have passed on these thoughts to them. I'm not sure how to set default behaviour to BLOCK if it is unable to communicate with the server.

Please Log in or Create an account to join the conversation.

  • wyseman
  • Topic Author
  • Offline
  • New Member
  • New Member
More
21 Jan 2012 17:17 #70873 by wyseman
Replied by wyseman on topic Re: Users can bypass Web Content Filter

J03y wrote: Ultranixjah is on the ball. If it's anything like the 2820s you have an option "enable strict security setting" under Firewall > General Setup. If you don't have this enabled and you are getting lots of traffic the router will pass the URL if it doesn't have the resources to check the request. Try enabling that option, if you have it, and test carefully.

In addition to this the 2820s have an option under CSM > Web Content Filter Profile for the cache. By default this is set to off I believe but try enabling "L1 + L2 cache" if it exists. This caches the result of the rule it just passed or failed for a brief second and might just help you keep performance up.

Might need to dig out a copy of the manual. Good luck!



"Enable strict security setting" appears not to be an option on the 2950 however I have confirmed that L1+L2 cache is already enabled.

Please Log in or Create an account to join the conversation.

Moderators: Sami