Protex web interface
From E2BNWiki
Contents |
User Interface to the Protex Web-filtering system
Main Menu
This is the main Protex Web-interface screen which is accessed via a browser and is access controlled. The default password should be changed as soon as possible.
On the LA boxes it is possible to create other users who can modify the local lists. At the moment all users have the same rights - this may change in future and the structure is in place to have groups in some future release. NOTE: this is not available on School level systems where authentication is via Appliansys' own security mechanism on the CacheBox.
Most of the commands are dealt with in more detail below. Restart Protex must be selected once all the changes you want to make have been made. This command does a gentle restart on all profiles: this re-reads the URL lists but without breaking currently open sessions so it can be done while the system is running. Thus changes made locally are instantly available. This command also packages the changes for notification to E2BN. Non-emergency changes are done overnight but some (adding to the Pornogaphy category, for example) are notified every 15 minutes: the central management server will then distributre the changes to all other protex system region-wide.
Show Changes Log displays a log of local changes made to the lists. This is read only and include the IP address of the station making the change and the username used.
Advanced Menu Options
Most of the entries here are self-explanatory. Hard restart should only be used if a gentle restart fails as this will break all current connections and restart the Protex software. It does not reboot the system: currently reboots will need to be done remotely via ssh or locally from the console.
As noted above the Add User; Delete User and Change Password options are only available on the LEA Protex system.
The most important entry here is Delist a URL:see below.
Adding items to the local lists.
There are two forms on this page - you can only submit URL at a time. The top URL box allows you to add to the Block list; the lower one to either the Trusted or ContentCheck lists. With either group you must enter the URL; choose a category and, if you want, add a comment. This is useful if you forget why it was added later! For the bottom form you must also indicate whether it should be added to the Trusted or ContentCheck lists. If you are unsure of the difference go here for details of how the various lists works and the implications behind making a site Trusted.
Click on Submit to add the entry to the chosen list. When you have finished adding URLs remember to restart Protex to make the changes go live.
Removing items from the local lists.
Removing items from the local lists is even easier - just choose the list you want to change then...
...check the URL(s) you want to remove from the lists then click Delete. Again remember that for this change to actually take effect you must restart Protex from the mian interface.
Searching the lists for a URL
The dialog box alows you to search all the URL lists: the main Blacklist, the RBC lists and your own local lists. The search will match strings that occur at the start or end of an entry; if the entry contains the string or on an exact match. Remember that the lists do not contain the http:// or, usually, the www part of the URL. Also, subdomains do not have a trailing "/". These are mutually exclusive options but you may chose to search one, two or all the lists on the server.
The results are displayed in a pane which gives the list the match was found in and, after the ":", the exact URLs being matched. The list also indicates the category the URLs is in: below, for example, we can see that the URLs matches against "com.sk" are two phishing sites in the main blacklist.
De-Listing a site from the Blacklist.com and RBC level lists
Sometimes what is requried to adjust the URL lists is not to whitelist (i.e. Trust on ContentCheck) a site but to remove it from the URL list. In most cases this is not requried: simply using the add to a local list mechanism will be what is required and is the safest and least error prone method. The option to de-list a site is provided for those few occasions when it really is required: plese heed the warning here and made sure that (a) you understand the implications of any change and (b) you made any modifications to the local lists before de-listing a URL.
So, when is it requried?
An example will be the best illustration. This is a change that has been made to the Library system but not to the LEA/Schools' ones.
Geocities sites range from the banal to the obscene. And, as such, there are many entries of the form "someprefix.geocities.com/subdomain in the URLBlacklist.com lists. Some of these are under the Adult category, some are under Porn and yet others under Pets. However, under Porn is also the top level "geocities.com" domain itself.
How does this affect the Protex filter? In this case ALL geocities sites will be blocked unless a subdomain (e.g. geocities.com/mydomain) is explicitly listed in one of the "white" categories - for example Pets - or if it is listed at a Local or RBC level as Trusted or to be ContentChecked. So, on a case-by-case basis sites can be unblocked when required. This is how we currently deal with these on the school filters.
Libraries, however, wanted more freedom and did not want to have to unlist every OK geocities site. Clearly Trusting is not an option as then the pornograpohic sites will also be allowed. Similarly a simple ContentCheck will not be good enough as the image heavy sites may still get through and also the images from these sites would also diplay as thumbnails in the Google image search. In this case the solution is to remove the overarching domain from the blacklist.
By removing "geocities.com" from the blacklist the other blacklisted subdomains are still blocked; all whitelisted sites are still allowed; and everything else is content checked. Now we have rreversed the situation: we now block sites on a case-by-case basis rather than allowing sites on a case-by-case basis.
NOTE: While this change is suitable for Libraries I would not recommend it for systems used by schools: it was given as an example only.
Using this dialog box
Enter the exaclt URL you want to unlist in the top box and click on Submit. You may need to search the lists first to find the exact URL then "cut 'n paste" from the results.
Submitting the URL does a search on the main Blacklist and the RBC lists and put the results into the middle part of the dialog box. Select the one entry you want to de-list and click Submit. This will add the URL to the local list of de-listed URLs. (You will see the choice is removed from the middle and added to the list in the bottom third of the display which shows those URLs already de-listed.
USE WITH CARE: YOU ARE RESPONSIBLE FOR THE CONSEQUENCES OF ANY CHANGE WHICH IS LOGGED BOTH ON THE BOX AND SUBMITTED UP TO THE MANAGEMENT SERVER.
Protex log analysis
Currently the Protex filtering servers within the LA only log DENIED requests - those that are successful are not logged by the filter servers. All requests are, however, logged by the caches. This dialog box allows you to do some analysis of the filter logs currently on the server itself. NOTE: At the moment logs created by the cache software are only available through the Appliansys web interfaces although we do plan to provide another interface to the logs and to archive them in the future.
From this interface you can create a display of all the denied requests; or can limit the search by date; originating IP address; or (sub)domain requested.
By running a summary report you may also generate a list of the top sites being DENIED: this may be useful to spot potentially popular sites which are being denied and which you feel should be allowed either as a Trusted site or a ContentChecked one.
