ClearFoundation

I am experiencing the same thing.
I'm not able to get the protocol filter to filter anything.
I'd love to see this work.
Is it working for others?

Bryan Guidroz wrote:
I am experiencing the same thing.
I'm not able to get the protocol filter to filter anything.
I'd love to see this work.
Is it working for others?
Hi Bryan,

Sure, it's working fine for me, but I guess it all depends on what you are trying to filter.
Not mentioning that, the settings that you use or what you did to try to resolve it, makes it really difficult to assist you.

Greetings,

John

Ok... My gateway is running COS5.1. I am running the content-filtering proxy (tried in transparent mode and non-transparent mode). I started the protocol filter.

I attempted to block the jpeg file type (simply to test its functionality.)
I went to images.google.com and searched for cars.
jpegs of cars passed through the gateway.
I thought maybe because I'm running the proxy, that may interfere with the functioning of the protocol filter as it relates to web traffic. (and shutting down the filter isn't an option.)
So, I tried to block MSN messenger.
I saw 2 MSN protocols in the protocol filter list, so blocked them both.
MSN messenger continued to work.
Read that established MSN messenger connections may not be blocked, so I rebooted the laptop and MSN messenger continued to work.
Realized that it's now called Live messenger, so thought maybe the protocol changed thus the protocol filter may not identify this traffic.
Finally, I blocked bittorrent.
I successfully downloaded a Fedora ISO using Transmission.
Then I posted this:
www.clearfoundation.com/component/option...0/func,view/id,1125/

Hoping to start a conversation to help me understand how this is supposed to work.
It is likely that I do not understand something or am doing something wrong.
How I thought this would work is… I’d click Block JPEGs on my gateway (proxy or not) and jpegs would not pass through the box.
Any guidance would be appreciated.
What settings are you using?

Hi Bryan,

First of all ... I am no expert at this, but with the parts I do understand I will try to help you and maybe with the help of others you will be able to solve your problem to your satisfaction.

Bryan Guidroz wrote:
I attempted to block the jpeg file type (simply to test its functionality.)
I tested it successfully by adding the "Add" filter and browsed to some commercial sites that I know.
Also by adding the "Adult" filter and searched "sex" in Google.(I know ... but it worked ... )
Why the ".jpg" filter did not work, I don't know.

Bryan Guidroz wrote:
I thought maybe because I'm running the proxy, that may interfere with the functioning of the protocol filter as it relates to web traffic.
See this post:
#7036

Bryan Guidroz wrote:
So, I tried to block MSN messenger.
I saw 2 MSN protocols in the protocol filter list, so blocked them both.
MSN messenger continued to work.
Read that established MSN messenger connections may not be blocked, so I rebooted the laptop and MSN messenger continued to work.
Realized that it's now called Live messenger, so thought maybe the protocol changed thus the protocol filter may not identify this traffic.
See this post:
#3903

This is mentioned on the User Guide Content Filter:
The ClearSDN Content Filter Updates service provides weekly blacklist updates to improve the effectiveness of the content filter system. These blacklists are compiled from third party organizations as well as internal engineering resources from ClearCenter. We keep tabs on the latest available updates and fine tune the system so you can focus on more important things.
Bryan Guidroz wrote:
Finally, I blocked bittorrent.
I successfully downloaded a Fedora ISO using Transmission.
See this post:
#6141
Additionally I can add that 100% blocking of torrents is quiet difficult.
Maybe with another approach you will be able to discourage it.
For example by implementing a connlimit.
See this post and following:
#6215

For now this is it.
I will check your other thread to see if there is anything new to add there and maybe some of the experts will be so friendly to either confirm this or to inform you about other solutions.

Greetings,

John

I also have experience the same problem on ClearOS 5.2 sp 1. Where I've been doing blocks in:

1. Gateway - Proxy and Filtering - Content Filter - Phrase Lists> Peer-to-peer (check)
2. Gateway - Proxy and Filtering - Content Filter - Banned File Extensions> Extensions Custom ¨.torrent¨ (check)
3. Gateway - Proxy and Filtering - Content Filter - Banned MIME Types> Custom MIME Types ¨application/bittorrent¨, ¨application / x-bittorrent ¨, ¨torrent¨, ¨torrent/torrent¨, ¨torrent/x-torrent¨ (all checked )
4. Gateway - Protocol Filter - Filter Configuration Protocol> Peer-to-peer (all checked)
5. Gateway - Intrusion Protection - Intrusion Detection> Policy Rules - Peer to peer detection (check) only as a report

Everything had no effect, and I can still download the torrent file using Transmission on ubuntu and also utorrent in windows.

Hello

I'm using ClearOS enterprise 5.2 and still does not allow to have transparent proxy+protocl filter.

is there any bypass to this (without having to have 2 different machines, one proxy and one protocol firter)

This may seem mynute but here we go. I think you need to check whether your proxy is not transparent. as when it is some traffic will bypass the filtering. Just a thought

Same result as mine. Protocol content Filter does not work even if it is enabled. I used bittorrent client for downloading, and my proxy authentication is enabled.
I already tried to block the .torrent in mime type and phrase list under content filter, same result has been experienced.

I also tried to block torrent (ports) download using squid.

vi /etc/squid/squid.conf

acl Denied_ports port 1025-65535
http_access deny Denied_ports
http_access deny CONNECT Denied_ports


Maybe someone can help us.

Thank you very much

Same thing here,

Using ClearOS 6.2, transparent proxy + protocol filter

Checked the protocol filter conf file - the P2P entries are there

Doesn't block P2P traffic whatsoever,

What it does is block outgoing FTP sessions - when I try to access any webhost FTP account or external FTP Server, with this setup I get past authentication just fine, and the session times out at this point:

Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (41,221,195,42,195,85).
Command: MLSD

(Filezilla FTP Client)

I read in another thread in these forums that maybe Transparent Proxy + Protocol Filter don't mix well together, and like the original poster, I don't see how it should relate.