3/16/2010 This session Netsweeper Blocking and Unblocking Charles Steinhaus Network Consulting Rebecca Wall Technical Support MOREnet Knowledgebase: help@more.net Thursday, 11 a.m. – Noon www.more.net University of Missouri Copyright 2010 MOREnet and the Curators of University of Missouri MOREnet Hosted • MOREnet Hosted vs. Member Hosted • Define Group & Clients • Tasks – How to use the local deny list – Submitting a url for review by Netsweeper – “Member Hosted Only” • Using the URL List Manager • Blocking Tips, like Facebook, https, Google Video, Craigslist personals… • Questions? Member Hosted • You provide a workstation server • MOREnet Hosts the server • Full access to reports, & log files • MOREnet Router redirects http (port 80) traffic • User based filtering (A/D, eDir) • Desktop client available for protocol filtering • Protocol based filtering 1 3/16/2010 Clients and Groups • Groups- Used to define a section of users. An organization can have multiple Groups (i.e. one for teachers and one for students) Local Deny List 1. Login to your Netsweeper server 2. Click on Policy Management / Group Manager. 3. Click the name of the Group you want to edit. • Clients- Individual users or workstations. Groups are made up of Clients. Local Deny List 4. Scroll to the Policies section, and click the Policy you want to edit. 5. Scroll down the Policy Page to Local URL/Keyword List. In the drop down list select Local Deny URLs/ Keywords. Local Deny List 6. In the Add Entry box, enter a “keyword search” or the url you want blocked. Click Add Note: URLs must begin with http:// Keywords are for search engines 7. Click Apply Settings at the top and click Apply 2 3/16/2010 Submitting URLs for Review 1. Select URL Tools / URL Alert 2. Enter the requested information URL List Manager 1. Select URL Tools / URL List Manager 2. In the drop down list select the list to edit 3. Click Submit. URLS are reviewed within 48 hours URL List Manager Authority Ranking: URL List Manager Definitions: Highest Authority Level Deny Page Allow URL List System URL List Global Allow/Deny List - Applies to all Groups on the system. Entries in this list can be overridden by the Local Allow/Deny List Local URL/Keyword Lists Global URL Lists Lowest Authority Level System Allow/Deny List - Applies to all Groups on the system. This list overrides the Global and Local URL lists and cannot be overridden Category URL List 3 3/16/2010 URL List Manager System Allow/Deny Protocol List - Applies to all Groups on the system. Used to block certain protocols (example: https) and overrides the Local Lists URL List Manager 1. Type the URL in the Add URL box and click Add 2. Click Apply Settings at the top, click Apply Deny Page Allow URL List - Ensures that all components of a deny page are displayed regardless of the policy applied Custom Search Patterns using REGEX (Regular Expressions) • RegEx is a programing language used for text string pattern searches • Netsweeper uses RegEx for patterned Blocking • RegEx is supported on the following lists: - Local Allow/Deny List - Global Allow/Deny List - System Allow/Deny List - System Allow Protocol List Tip: Block all Google video sites regardless of TLD* Option 1: Enter each domain you want blocked http://video.google.com http://video.google.ca http://video.google.co.uk This is time consuming * TLD=Top Level Domain ie .com or .ca or .uk 4 3/16/2010 Option 2: Block all Google video sites using RegEx A better solution is to use RegEx over all the Google domains in one statement Tips: Block exe & URL name EXE Tip Block any file with the extension exe Block List Block List /^http://.+\.+exe/ /^http://video\.google.*/ * The preceding and trailing slashes / / describes what to parse * The ^ preceding the http tells the parser where to begin Word Tip Block a url containing a specific word Block List Common Craigslist Blocks /^http://.*porn.*/ Tip: Block all SSL/TLS traffic Tip Block erotic services on CraigsList.com Block List Block List /^http://.*craigslist.*category=ers/ /^http://.*\.ssl\.misc\.protocol-check\.net-sweeper\.com.*/ New Version /^https://* Tip Block personals on CraigsList.com Block List /^http://.*craigslist.*[m|w|t|mw|mm|ww]4.*/ 5 3/16/2010 Tip: Block keywords in search strings Code http://www.youtube.com/results?search_type=&search_query=sex&aq=f is the result if someone searches for sex on YouTube - or The following will block sex, but allow words like "essex" and "sextant" Code https Code for Facebook Code /^http://69.63.*\:443/ /^http://66.220.*\:443/ /^http://96.7.*\:443/ /^http:\/\/.*youtube\.[^/]*/.*\?.*[=|+]sex[|+|&].*$/ Tip Block Facebook from using https New Local SSL Block • Try nslookup on the DNS name for the IPs. New Version in version 2.6.27.33+ and IE8 & FF3.5 Code (Not RegEx) https://facebook.com • You may need nstail on the Netsweeper server [me@localhost] nstail Watch for https:// entries 6 3/16/2010 Questions? help@more.net Tel: 800 509-6673 Tel: 573 884-7200 7 Netsweeper Tips and Tricks Additions to the Local Deny List 1. Log into the policy server. (For MOREnet Hosted users this is at http://tigers.more.net/) 2. In the left hand side menu, click on Policy Management, and then click Group Manager. 3. Find your Group and click on the name of the Group that you want to edit. 4. On the Group Policy Page, scroll down to the Policies section and click on the name of the Policy you want to edit. 5. On the Policy Page, scroll down to the Local URL/Keyword List section. In the drop down select Local Deny URLs/Keywords. 6. In the Add Entry box, enter either a keyword or a url you want blocked. Click add. Note: URLs must be entered beginning with http://. Encode is used for entries containing nonalphanumeric characters. 7. Click Apply Settings at the top. Then Click the Apply button. Submitting URLs for Review 1. In the left hand side menu, click URL Tools and then click URL Alert. 2. Enter the requested information in the following two boxes. 3. Click Submit. URLS should be reviewed and recategorized (if needed) within 48 hours. URL List Manager 1. In the left hand side menu, click URL Tools and then click URL List Manager. 2. In the Select List drop down, choose the list you wish to add to. 3. Type the URL in the Add URL box and click the Add button. 4. Click Apply Settings at the top, and then click the Apply button. Definitions: Global Allow/Deny List- Applies to all Groups on the system. Entries in this list can be the Local Allow/Deny List. overridden by System Allow/Deny List- Applies to all Groups on the system. This list overrides the Global and Local URL lists and cannot be overridden. System Allow/Deny Protocol List-Applies to all Groups on the system. Used to block certain protocols (example: https) and overrides the Local Lists. Deny Page Allow URL List-Ensures that all components of a deny page are displayed regardless of the policy applied. Authority Ranking: Deny Page Allow URL List-Highest Authority System URL Lists Local URL/Keyword Lists Global URL Lists Category URL List-Lowest Authority Regex Cheat Sheet Character \ Match the escape character - used to find an instance of a metacharacter like a period, brackets, etc. match any character except newline . (period) x match any instance of x ^x match any character except x [x] match any instance of x in the bracketed range - [abxyz] will match any instance of a, b, x, y, or z | (pipe) an OR operator - [x|y] will match an instance of x or y () used to group sequences of characters or matches {} used to define numeric quantifiers {x} match must occur exactly x times {x,} match must occur at least x times {x,y} match must occur at least x times, but no more than y times ? preceding match is optional or one only, same as {0,1} * find 0 or more of preceding match, same as {0,} + find 1 or more of preceding match, same as {1,} ^ match the beginning of the line $ match the end of a line Reference http://support.netsweeper.com
© Copyright 2024