DNS blacklist

From Secure Web Gateway
Revision as of 13:32, 31 October 2018 by en>Santosh.thorat
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Overview

Set the DNSBL reference service to prevent users from visiting dangerous websites.

Before establishing connection with "www.example.com", SafeSquid performs a DNS lookup for "example.com.in.dnsbl.org".

SafeSquid caches the DNS query results for efficiency

Access The SafeSquid User Interface

 

Go to Configure Page

Goto configure.png

Go to Real time content security

Go to real time content security.png

Go to DNS Blacklist Section

DNS blcaklist Slide1 (1).PNG
 
DNS blcaklist Slide1 (2).PNG
 
DNS blcaklist Slide1 (3).PNG
 
DNS blcaklist Slide1 (4).PNG
 

Global

Enabled

Enable or Disable the use of DNSBL service.

Disable this section if you do not want to query DNS blacklist services

  • TRUE : Enable DNS blacklist section.
  • FALSE : Disable DNS blacklist section.

Template

Name of the template to send when domain is found to be blocked.

Leave this blank, to use default Template "blocked".

Domain

This field needs to be filled in, only for making query to blacklist services like DNSBL.

The website to query is appended with DNSBL's domain name.

For example : If you set DNSBL's domain name as "in.dnsbl.org", then before establishing connection with "example.com", SafeSquid performs a DNS lookup for "example.com.in.dnsbl.org".

NOTE : You can also use any other service that provides similar DNS blacklist service.

Blocked IP addresses

Enter the comma separated list of IP address ranges that can be returned by DNS blacklist queries after matching which cause the page to be blocked.

For example : If You set domain name as "in.dnsbl.org" then it returns an IP in the range 127.0.0.1 to 127.0.0.6 for malafide servers.

Returned IP Convention for domain "in.dnsbl.org" are:

"127.0.0.2"=>"UCE", "127.0.0.3"=>"Fraud", "127.0.0.4"=>"Spam Promo", "127.0.0.5"=>"Illegal Content",

"127.0.0.6"=>"Pre-emptive", "127.0.0.7"=>"Improper List Practices" "127.0.0.8"=>"Botnet Activity / Malware".