I am working on Content Filtering and have set the group policy to Blanket Ban - I have also entered Exception Sites for this group policy and the exception sites are all showing in the dansguardian access logs as: *DENIED* Banned site: Blanket Block is active and that site is not on the white or grey list.
I have entered the sites I want to be able to access in the Exception Sites list and continue to get this error:
example log:
2020.7.16 14:39:33 kids_name 192.168.1.193 https://android.clients.google.com:443 *DENIED* Banned site: Blanket Block is active and that site is not on the white or grey list. CONNECT 0 0 3 403 - kids -
see attached screenshots for the General Settings; Exception Sites
Any help would be great - I have spent wayyyy tooo much time on this so far trying to figure it out... I think it is a bug.
I have entered the sites I want to be able to access in the Exception Sites list and continue to get this error:
example log:
2020.7.16 14:39:33 kids_name 192.168.1.193 https://android.clients.google.com:443 *DENIED* Banned site: Blanket Block is active and that site is not on the white or grey list. CONNECT 0 0 3 403 - kids -
see attached screenshots for the General Settings; Exception Sites
Any help would be great - I have spent wayyyy tooo much time on this so far trying to figure it out... I think it is a bug.
Share this post:
Responses (3)
-
Accepted Answer
I don't know where it is being blocked either. "grep microsoft /etc/dansguardian-av/* -r" returns nothing useful, but I wonder why the subdomains it finds need to be whitelisted, or are included in the whitelist by default. Do you have the Content FIlter updates installed?
BTW, Clearcenter's preferred solution for filtering is Gateway Management. It is much lighter on resources and does not require configuring the clients. I don't know how much the free version gives you, but the Business version is very flexible. -
Accepted Answer
Nick Howitt wrote:
Why have you included the port number in the exception site? Shouldn't it be just android.clients.google.com?
Thanks Nick... I just copied the DENIED domain and figured the port was also needed... since the field took it, I figured it was OK or needed.
I think I am making progress.... however I ran into another issue where the logs are showing:
18:31:52 kids_name 192.168.1.193 https://vortex.data.microsoft.com:443 *DENIED* Banned site: microsoft.com CONNECT 0 0 3 403 - kids -
however microsoft.com is not banned in any of the settings that I can see... there are zero banned sites for this group.
any ideas? -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »