| Https Site login without authentication with kerio control [message #135854] |
Tue, 20 June 2017 13:36  |
MSH
Messages: 19
Registered: August 2016
Location: IR
|
|
|
|
Hi
in my network users must be authenticated for accessing internet web sites but the problem is for http sites this is ok and users should enter their usernames and passwords to access these sites but for https there is a problem users can access these websites without any authentication I used many rules but nothing happened except completely blocked https(according to this forum)and test it with any version of Kerio Control but this problem dose not solved yet!
I want to know if this is a BUG for kerio or there is a way to solve this. it seems this problem will not solve with writing traffic rule because I tried many rules.
BR
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Https Site login without authentication with kerio control [message #135867 is a reply to message #135854] |
Tue, 20 June 2017 20:32  |
merc
Messages: 6
Registered: January 2015
|
|
|
|
Quote:Regarding your question, I don't quite understand what you're asking. You can add IP address groups in the Content Filter by adding the column (it is hidden by default).
Hep, my English is not good,
I ask my question with example:
In HTTPS filtering option it's not possible to exclude specific traffic from decryption by choosing the Finance/Investment in the Application and Web Categories.
and,
With the IP addresses groups we must to know all ip and it's not possible to use * EX: *domain*
|
|
|
|
|
|
|
|
| Re: Https Site login without authentication with kerio control [message #136138 is a reply to message #135854] |
Fri, 14 July 2017 05:42 |
fco18us
Messages: 6
Registered: August 2016
|
|
|
|
THE SOLUTION FOR THIS IS SIMPLE IF YOU NEED ALL COMPUTERS LOGIN WITH HTTP OR HTTPS:
1) FIRST CHECK IN WEB AUTHENTICATION ALWAYS REQUIRE USERS TO BE AUTHENTICATED WHEN ACCESSING WEB PAGES
2) IN CONTENT FILTER SELECT HTTPS FILTERING AND CHECK DECRYPT AND FILTER HTTPS TRAFFIC AND CHECK SHOW LEGAL NOTICE TO USER, IN HTTPS FILTERING EXCEPTIONS CHECK EXCLUDE SPECIFIED TRAFFIC FROM DECRYPTION AN AFTER IN TRAFFIC TO/FROM IP ADRESSES WHICH BELONG TO: SELECT HTTPS EXPLUSION AN AFTER IN TRAFFIC FROM THE FOLLOWING USER: ADD ALL GROUPS ARE YOU CREATED ON FIREWALL,
THIS WORK FINE FOR ME, ANY COMPUTER IN MY NETWORK THAT NO HAVE USER AUTHENTICATTION NO CAN SURF IN HTTP OR HTTPS, THEIR NEED USER AND PASSWORD FOR GET ACCESS ON INTERNET, ATTACH AND IMAGE OF CONTENT FILTER IN HTTPS FILTERING.
SORRY FRIENDS MY ENGLISH IS BAD, REGARDS
|
|
|
|
| Re: Https Site login without authentication with kerio control [message #136143 is a reply to message #136138] |
Fri, 14 July 2017 14:55 |
giampos
Messages: 82
Registered: May 2005
|
|
|
|
Ok but are they always redirected to login page automatically??
Also if the fist page is Https?
Second Question:
Enabling Https filtering all clients will be prompted onto certificate page error?
fco18us wrote on Fri, 14 July 2017 05:42THE SOLUTION FOR THIS IS SIMPLE IF YOU NEED ALL COMPUTERS LOGIN WITH HTTP OR HTTPS:
1) FIRST CHECK IN WEB AUTHENTICATION ALWAYS REQUIRE USERS TO BE AUTHENTICATED WHEN ACCESSING WEB PAGES
2) IN CONTENT FILTER SELECT HTTPS FILTERING AND CHECK DECRYPT AND FILTER HTTPS TRAFFIC AND CHECK SHOW LEGAL NOTICE TO USER, IN HTTPS FILTERING EXCEPTIONS CHECK EXCLUDE SPECIFIED TRAFFIC FROM DECRYPTION AN AFTER IN TRAFFIC TO/FROM IP ADRESSES WHICH BELONG TO: SELECT HTTPS EXPLUSION AN AFTER IN TRAFFIC FROM THE FOLLOWING USER: ADD ALL GROUPS ARE YOU CREATED ON FIREWALL,
THIS WORK FINE FOR ME, ANY COMPUTER IN MY NETWORK THAT NO HAVE USER AUTHENTICATTION NO CAN SURF IN HTTP OR HTTPS, THEIR NEED USER AND PASSWORD FOR GET ACCESS ON INTERNET, ATTACH AND IMAGE OF CONTENT FILTER IN HTTPS FILTERING.
SORRY FRIENDS MY ENGLISH IS BAD, REGARDS
|
|
|
|
|
|
| Re: Https Site login without authentication with kerio control [message #137104 is a reply to message #135860] |
Tue, 03 October 2017 07:04 |
bthertz
Messages: 2
Registered: October 2017
|
|
|
|
Quote:Rather than allowing these connections, you can create a traffic rule that permits HTTPS traffic only for authenticated users. This way, users will not be able to reach secure sites unless they are first authenticated.
Brian,
I have tried to create a rule to just this in Kerio Control v9.2.3 and it essentially stops all HTTPS traffic for all users even authenticated users. Where would this rule need to land in the hierarchy of the traffic rules. It would be nice if there could be a custome redirect like there is with the content filter however I am okay with a blank page.
The rule is setup as follows.
Source: Authenticated Users
Destination: Any
Service: HTTPS
IP Version: Any
Action: Allow
Translation: N/A
Valid Time: Any
|
|
|
|
|
|
|
|
|
|
Members
Search
Help
Register
Login
Home
