Category Archives: Tech Tips

Are the URLs in Your Categories Set Correctly?

If you are upgrading your CyBlock or Cyfin product, you will be using the Wavecrest URL List 7. List 7 supports wildcard entries in domain, path, and parameter matching in URLs. In List 6, wildcard entries were possible, but limited, and thus, the URL matching was slightly different. Therefore, we recommend that you recheck and reset the URLs that were added to your standard and custom categories.

To do this, go to the Advanced Settings – Category Setup – Edit URLs screen and select the category you want to change. In the Supplemental URLs or Custom URLs box, modify your URLs according to the List 7 rules. List 7 allows you to use the following wildcard rules to add multiple URLs simultaneously.

  1. Wildcards With Domain Matching.This URL matching method categorizes Web sites whose pages all contain the same type (category) of content, e.g., Shopping, News, and Sports. In these relatively simple cases, one category applies to the entire site. Under this method, if the Web log entries are in any of the following formats, and the URL List contains a matching URL, the product will categorize the visit on the basis of the domain name.
    • www.mydomain.com
    • *.mydomain.com
    • www.mydomain.*
    • *.mydomain.*


    Note:
     For this method to work, and as reflected in the examples, the entry in the URL List must contain a complete domain name element. That is, the domain name between the periods (dots) must be complete and must not be augmented with an asterisk or any other character. For example, the list must not contain mydomain*.com or *mydomain.com.

  2. Wildcards With Domain and Path Matching.This URL matching method categorizes Web site visit-attempts at the path level. This method enables individual pages to be categorized. If the URLs visited (as documented in the Web logs) are in any of the following formats and there is a corresponding entry in the URL List, the product will categorize the visit on the basis of the domain name and path.
    • www.mydomain.com/path/*
    • www.mydomain.com/*/path/*
    • *.mydomain.com/*/path/*
    • *.mydomain.com/path/

    Notes: For this method to work, the entry in the URL List must contain a complete path element. That is, the path element between the forward slashes must be complete and must not be augmented with an asterisk or any other character. For example, the list must not contain /path*/. As indicated at the end of the fourth example above, the asterisk is not always required, i.e., an exact path can be entered. However, as indicated in all four examples, forward slashes are always required.

  3. Wildcards With Parameter Matching.This method adds parameter matching to the two methods defined above (domain alone and domain-plus-path). It focuses more on syntax found in URL parameters than on content of the site being evaluated by the product. The parameter method works as follows. If the Web log entries are in any of the formats listed below, the product will categorize the visit on the basis of (a) the domain name plus the parameter, or (b) domain name plus path and parameter. Note that the first three bullets are examples of the former (no path included).
    • www.mydomain.com/*?keyword=value
    • www.mydomain.com/?keyword=value
    • www.mydomain.com/?id=*
    • www.mydomain.com/?id=*&sr=* (example of multiple pairs)
    • *mydomain.com/*/path/*?id=*

    Notes:  Parameter matching always requires the use of “?”. If a question mark is placed at the end of the domain or the path, the URL List will perform this matching method.The “/” is also required for this method. However the “&” is optional and is only needed when more than one “keyword=value” pairing is involved (as indicated above). Note that the “&” is added between pairs, and the pairs do not have to be in any particular order.

For additional assistance, please contact Technical Support at (321) 953-5351, ext. 4 or support@wavecrest.net.

Navigating the User Guide

With the new release of Cyfin 8.7.2 and CyBlock 6.7.2, we are pleased to provide enhanced user guides with improved readability and navigation. Some of the changes include a hyperlinked table of contents, additional hyperlinks in the chapters, and color-coded chapter and section headings, notes, cautions, and important information. Here are some tips on navigating the user guides in the browser.

Locating the User Guide. The user guide can be accessed through our Web site www.wavecrest.net. On the Home page, click the Support link on the left. The CyBlock and Cyfin products will be listed. Click the product name and then click Documentation. The Documentation page will be displayed with the different versions of the product manuals. Select the latest version.

The user guide can also be accessed through any of the Cyfin or CyBlock products. In the product, from the Help menu, select Documentation and then click the Product Manual link. The latest version will be displayed in your browser.

Viewing the PDF Layout. When you open the user guide in your browser, you will see the Bookmarks panel on the left, and the user guide in the middle of the screen. The page layout is set to show two pages side-by-side. Maximize the window by double-clicking the title bar of the window.

Adding Toolbar Tools. Take advantage of the page navigation and page display tools in the Acrobat toolbar available with the Adobe PDF 10.x add-on. Right-click the toolbar, select Page Navigation, and then select Show All Page Navigation Tools.

 

Again, right-click the toolbar, select Page Display, and then select Two Page View.

Finding Information. There are many ways to find information in the user guide. You can use the bookmarks in the Bookmark panel, the hyperlinked table of contents, and the hyperlinks within the chapters. Remember to use the page navigation tools on the toolbar also. The Previous View tool is a handy one.

To search for specific words, press Ctrl+F on your keyboard. In the Find toolbar, type your search term, and click the arrows to locate each occurrence of the term or press Enter.

 

Another way to search is by using the Search panel. In the browser, click the binoculars icon on the left, type your search term, and click Search or press Enter.

Printing the User Guide. If you want to print the user guide, it is formatted to be printed double-sided.

For additional assistance, please contact Technical Support at (321) 953-5351, ext. 4 or support@wavecrest.net.

Tech Tip: Create a Custom Blocking Message While Coaching

Based on your policy configuration, access to blocked websites direct the user to a message which can be customized to remind them of the current Acceptable Use Policy (AUP).  CyBlock Proxy v6.7  and CyBlock ISA / TMG v6.7 now offers the ability for the user to proceed beyond the blocked page through a feature called coaching.  A custom blocking message does not automatically have coaching enabled because of a required token needed in the body of the blocking message. In order to enable the coaching feature with a custom blocking message, follow the below steps.

  1. Open the folder that contains the Standard Web Blocking Message file. The default location of this file is [INSTALL PATH]\wc\cyblock\db\stdBlkMsg.htm.
  2. Make a copy of this file, and rename the copy to CustomBlockedMessage.htm.
  3. Edit the HTML of ‘CustomBlockedMessage.htm’ to meet your needs. Your Custom Blocked Message file must contain *tokens {0} through {4}. Include the Coaching token ({6}) to enable the Coaching feature in the Block Web Categories Screen.
  4. Save your ‘CustomBlockedMessage.htm’ file
  5. Ensure the “Message Source” option is selected.
  6. Browse to and select your CustomBlockedMessage.htm file.
  7. Apply your changes by clicking the Submit button.
  8. You will now have the coaching feature option with your custom blocking message.

Definitions:

The following describes the available tokens, and their use within the blocked message file:

*Token Description
{0} The username that is being blocked.
{1} The URL being accessed, that caused the user to be blocked.
{2} The Category Name that the URL is classified as.
{3} Your organization name as defined on the License Information screen.
{4} The current Block Policy name that is blocking the user.
{5} Not used for Blocking Messages.
{6} Coaching feature. Optional. If present and enabled in the Block Web Categories Screen, the user will be presented with
a notice and a link to bypass the block message.
NOTE: To disable the Coaching feature in the Block Web Categories Screen, omit this token.

Tech Tip: How to Change Your Proxy Port

If you want to change our default proxy port for security reasons or you have another application already listening on that port, just follow these instructions:

1) Go to your hidden screen, https://xx.xx.xx.xx:7999/admin/setup/proxy/adv.php
2) Change the ‘Proxy Server Port:’ option to any port number
3) Click Submit
4) Restart service

Default Port: 8080

We never stop improving and we love to receive feedback from you!

Our in-house support staff is available to assist you and can be reached at (321) 953-5351, ext. 4 or email at support@wavecrest.net.

Explanation of the “IP Address” Category in Wavecrest Products

Unfortunately, some instances of Web-use activity cannot be readily identified or categorized by Web access management products.  One type appears in the Wavecrest products’ Web Monitor and employee internet usage reports simply as IP addresses with no domain.

If the IP address is not recognized by our product it is put into IP address category and not into “Other” for the below reasons  (While some IP addresses have been identified and categorized in the Wavecrest URL control list, many have not.) If the product does not recognize the IP Address, it initially assigns them – in parallel to two special categories: (a) the IP Address category, and (b) the “Other” (uncategorized) category. This ‘groups’ them so they can be dealt with, as follows.

Using IP Addresses to Help Analyze Web Activity. At first glance it may appear impossible to make use of these initially unidentified IP addresses, but that’s not really the case. With a bit of work, it’s possible to:

  • Deduce the source and purpose of most of them
  • Categorize the legitimate ones
  • Isolate/neutralize the malicious ones

Let’s see how this is done.

First though, for purposes of this discussion, let’s ‘label’ the four general types of unidentified IP addresses. We’ll call them:

  • ‘Internal and partner Web pages without domain names’
  • ‘Innocent links on Web sites’
  • ‘Possible malware or virus servers.’
  • ‘Public proxies’

Identification and Corrective Action Process. This is a three step process: (a) listing the IP addresses; (b) classifying them by the types defined above; and (c) taking appropriate action.

To take the first step, simply run a Top Non-Categorized Sites Report and note the rows with IP addresses.  Then, as explained below, classify each (by type) and take action.

  1. IP Addresses Associated with Internal and Partner Web Pages.  These IP addresses could result from user-generated or Web application traffic. Using local knowledge, determine the sources and then enter the addresses in one or more custom categories. If you wish, give the addresses recognizable names. Complete instructions on how to create custom categories can be found in our manual.
  2. IP Addresses Associated with Innocent links on Web sites. These addresses could be associated with image or ad servers. If you send a Otherwise report that contains these IPs to Wavecrest our categorization team will research and categorize these IPs for you  the same way we would categorize domains. If you would like to identify them yourself there are IP Address lookup tools like the one available from https://www.networksolutions.com This tool will provide you with information about the owner of the IP address(es) of interest. For example, the owner of the IP address could be a marketing company that serves ads, or it could be an image server. Once identified, add the addresses to one or more custom categories. If you wish, give the addresses recognizable names.
  3. IP Addresses Associated with Possible Malware or Virus Servers. These addresses could be associated with malware, spyware or virus servers. The clue here is very high around-the-clock traffic (an indication that the user’s computer has been infected or attacked).  The solution in these cases is to isolate the internal computer(s) and remove the malware/spyware or virus.
  4. Public proxies. Also known as “Anonymous proxies”, public proxies are often used by employees or students who want to get around Web filters and/or avoid being identified by Internet logging. In other words, public proxies allow individuals to surf the Web “anonymously.” Many public proxies promote spyware or malware activity. They are created to gather user information, or even worse, company information on an employee’s computer. They often log an individual’s online browsing, emails, and chat sessions to gather user names, passwords, credit card or banking information. Some of the information gained, e.g., email addresses, is often used to sell to other companies for marketing purposes.

For more information, read our post: The danger of public proxies.

Get Your Wavecrest Reports in PDF

Many customers have asked for it, so back in March, Wavecrest Computing added a new option to receive or email reports in PDF format.  This option is available for any manual or scheduled report in your Cyfin or CyBlock product.  To receive or email your reports in PDF format, simply select PDF in the Report Format pulldown on any of the reporting screens.

The option to email and run reports in HTML format is still available, and HTML format must be used when using Interactive reporting for drill-down purposes.

If you have any questions about this new feature or any other features in your Cyfin or CyBlock product, please feel free to contact us.

Wavecrest Recommends Users Upgrade from Internet Explorer 6

If you are still using Internet Explorer 6, we and Microsoft recommend that you upgrade as soon as possible.  One of the main reasons to upgrade is that Wavecrest’s CyBlock versions 6.3.0 and later and Cyfin versions 8.3.0 and later no longer support IE6.

Microsoft also has a big push now to get users to upgrade and stop using IE6.  See their new website ie6countdown.com. One of the main reasons they are pushing the upgrade is security. They state, “we recommend that Internet Explorer 6 users upgrade to a newer version of Internet Explorer for a safer browsing experience.” So if you haven’t done so already, Wavecrest recommends that you take a minute to make sure all of the computers and servers in your network are upgraded to a later version of Internet Explorer.

If you have any questions, please contact Wavecrest’s technical support team by phone at 321-953-5351, ext. 4 or toll-free at 1-877-442-9346, ext. 4.

Sources:

The Internet Explorer 6 Countdown
Microsoft Begs Users to Stop Using IE6
It’s Time to Finally Drop Internet Explorer 6

New Half-Hour Filtering In CyBlock

If you haven’t seen it yet, in the latest version of CyBlock 6.3.1, scheduled filtering has changed from hourly to half hour. This means that you can select to allow a category from 12:00 – 12:30pm instead of the full hour 12:00 – 1:00pm.

You can make these changes at Advanced Settings – Filter Settings – Block Web Categories. Simply click on the clock icon that appears when you select the “block” radio button and select the times you want to block and allow the category.

If you have not upgraded your product to the latest version of CyBlock, you may do so by going to Administration – Product Update screen.

Remember to Set Block Policies for New Custom Categories

When you create a custom category at the Advanced Settings — Category Setup — Custom Categories screen, the custom category is automatically set to ‘allow’ in all of your block policies.  So anybody will be able to access the sites listed in the newly created custom category.  If you want to block the sites in this category for some or all filter policies, be sure to go to the Advanced Settings — Filter Settings — Block Web Categories screen and set the policies to ‘block’.

Managing Web Application Authentication Problems with Wavecrest Proxy Products

In order to obtain usernames for filtering and/or reporting purposes in CyBlock Proxy, Cyfin Proxy, or CyBlock Appliance, authentication must be enabled. An issue that arises with authentication is that there are some Web apps and URLs/Domains that do not respond to the authentication request properly.  Because of this, in versions 6.2.0 and 8.2.0 we added the Authentication Manager in CyBlock Proxy, Cyfin Proxy and the CyBlock Appliance.

The Authentication Manager helps prevent these issues by automatically detecting the disruptions, identifying the failed applications, and employing automatic authentication-bypass techniques (when authentication is enabled in Moderate mode). This allows users to bypass proxy authentication (not the proxy server) with those web sites and web applications that do not properly respond to the proxy authentication request.  An example of this is your offensive line in a football game.  Just like your offensive line creates a hole for the running back to run through, bypass authentication opens a hole in the proxy so that the request can go through. The request will bypass authentication but not the proxy.

To learn more about proxy authentication and the Authentication Manager, read our document “Managing Web Application Authentication Problems” and see your product manual for specific instructions on fully utilizing the Authentication Manager.