enable https access if restriction is on
Moderator: Moderators
enable https access if restriction is on
hello,
my config is 1043nd v2 gargoyle 1.8.0
In an large public hall only one site was allowed.
In Access Restrictions - All Network Access is blocked. good
In Exceptions tab, Website URL(s): Permit only: domains contains: jw.org
Everything was fine, I mean every part of jw.org was accessible until the all site was moved to https protocol.
Now, I have only access to tv.jw.org and wol.jw.org. Those addess is related to jw.org, but is not using https protocol.
My question is: how to enable https access to have access again ONLY to https://jw.org and of course to all domain?
Please, help me. I am stuck here and the problem is very urgent.
Kind regards.
my config is 1043nd v2 gargoyle 1.8.0
In an large public hall only one site was allowed.
In Access Restrictions - All Network Access is blocked. good
In Exceptions tab, Website URL(s): Permit only: domains contains: jw.org
Everything was fine, I mean every part of jw.org was accessible until the all site was moved to https protocol.
Now, I have only access to tv.jw.org and wol.jw.org. Those addess is related to jw.org, but is not using https protocol.
My question is: how to enable https access to have access again ONLY to https://jw.org and of course to all domain?
Please, help me. I am stuck here and the problem is very urgent.
Kind regards.
Re: enable https access if restriction is on
I would like to see a screen shot of your page
Gargoyle - Firewall - Restrictions
Gargoyle - Firewall - Restrictions
Can you help someone else get Gargoyle up and running?
TL-WDR3600 : Gargoyle 1.9.0 : NBN FixedWireless
TL-WR1043ND-V2 : Gargoyle 1.8.0 : 3G Huawei E160E
TL-WDR3600 : Gargoyle 1.9.0 : NBN FixedWireless
TL-WR1043ND-V2 : Gargoyle 1.8.0 : 3G Huawei E160E
Re: enable https access if restriction is on
My apologies - I have struck a profound moral dilemma.
Can you help someone else get Gargoyle up and running?
TL-WDR3600 : Gargoyle 1.9.0 : NBN FixedWireless
TL-WR1043ND-V2 : Gargoyle 1.8.0 : 3G Huawei E160E
TL-WDR3600 : Gargoyle 1.9.0 : NBN FixedWireless
TL-WR1043ND-V2 : Gargoyle 1.8.0 : 3G Huawei E160E
Re: enable https access if restriction is on
Hi xpender.
Please read the following posts;
viewtopic.php?f=6&t=1584
http://www.gargoyle-router.com/phpbb/vi ... =460#p2368
Basically the problem is that by the very nature of HTTPS, we cannot match by domain, it is encrypted. This isn't a bug, just the way it is.
Your best bet would be to change your approach to using IP address matching instead.
Please let me know if I can assist further.
Please read the following posts;
viewtopic.php?f=6&t=1584
http://www.gargoyle-router.com/phpbb/vi ... =460#p2368
Basically the problem is that by the very nature of HTTPS, we cannot match by domain, it is encrypted. This isn't a bug, just the way it is.
Your best bet would be to change your approach to using IP address matching instead.
Please let me know if I can assist further.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: enable https access if restriction is on
okay,
you are telling me to filter internet access by ip range.
Thats mean in:
Gargoyle - Firewall - Restrictions - everything will be blocked.
Gargoyle - Firewall - white list - Remote IPs - here will be the ip range of the site I want to allow. Right?
But, since jw.org is a large ip range domain like facebook perhaps, whow can I find the right ip range of www.jw.org?
I tried nslookup and whois from here: http://www.gargoyle-router.com/phpbb/vi ... =460#p2368
No success, yet.
And 10x for your quick reply.
you are telling me to filter internet access by ip range.
Thats mean in:
Gargoyle - Firewall - Restrictions - everything will be blocked.
Gargoyle - Firewall - white list - Remote IPs - here will be the ip range of the site I want to allow. Right?
But, since jw.org is a large ip range domain like facebook perhaps, whow can I find the right ip range of www.jw.org?
I tried nslookup and whois from here: http://www.gargoyle-router.com/phpbb/vi ... =460#p2368
No success, yet.
And 10x for your quick reply.
Re: enable https access if restriction is on
I've never done this so bare with me.
You have the restriction policy correct, we just need the ip ranges to enter.
My understanding of the instructions is:
NSLOOKUP on Jw.org and we take all their "A" records
Jw.org IN A 54.191.45.214 300s (5m)
Jw.org IN A 54.191.118.141 300s (5m)
Jw.org IN A 54.88.155.189 300s (5m)
Jw.org IN A 54.84.219.225 300s (5m)
Now we do a Whois on each of those ip addresses to find the range they control.
So it looks like the ranges you need to allow are:
54.188.0.0/14
54.88.0.0/16
54.80.0.0/12
54.72.0.0/13
^ note that this is written in CIDR notation which defines a range and will be accepted by the whitelist.
You have the restriction policy correct, we just need the ip ranges to enter.
My understanding of the instructions is:
NSLOOKUP on Jw.org and we take all their "A" records
Jw.org IN A 54.191.45.214 300s (5m)
Jw.org IN A 54.191.118.141 300s (5m)
Jw.org IN A 54.88.155.189 300s (5m)
Jw.org IN A 54.84.219.225 300s (5m)
Now we do a Whois on each of those ip addresses to find the range they control.
So it looks like the ranges you need to allow are:
54.188.0.0/14
54.88.0.0/16
54.80.0.0/12
54.72.0.0/13
^ note that this is written in CIDR notation which defines a range and will be accepted by the whitelist.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: enable https access if restriction is on
Hello,
thanks for your replay.
Sorry to tell you that, but is not working. All internet access is blocked.
Bellow is a screens of my restriction:
http://i67.tinypic.com/5anmrp.png
http://i68.tinypic.com/2wqenbt.png
I have no ideeas what to do from now on. Sorry
thanks for your replay.
Sorry to tell you that, but is not working. All internet access is blocked.
Bellow is a screens of my restriction:
http://i67.tinypic.com/5anmrp.png
http://i68.tinypic.com/2wqenbt.png
I have no ideeas what to do from now on. Sorry
Re: enable https access if restriction is on
I'll try and play with it and get back to you. I set up a rule to only allow my website and it worked fine so we are either using the wrong IP address ranges (probable, but I don't know why) or something else is going on.
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: enable https access if restriction is on
Alright at this stage i think the best solution may be to create an opendns account, restrict all websites except for the one you want, and then set your opendns address on the router. You can also force users to use the router dns so that they cannot circumvent it.
I think this is going to be the easiest and most straight forward way.
https://www.opendns.com/
I think this is going to be the easiest and most straight forward way.
https://www.opendns.com/
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Please be respectful when posting. I do this in my free time on a volunteer basis.