Monthly Archives: August 2012

How to block stock market trading programs in network?

Employees can spend hours on reading market data and online stock trading. To keep productivity, it is necessary to block online trading traffic during working hours.

This tutorial will guide you to block “Nest trader” and “(IIFL) Trader Terminal” traffic in your network.

Since WFilter does not have these two protocols supported in default, you need to add customize protocols in “System Settings”->”Customize Protocols”.

1. Block IIFL trade terminal

1). Add a new protocol named “IIFL Trader”, choose a protocol type.

2). Add a new pattern, choose pattern “Type” as “TLS”. Set pattern content as “swaraj\.indiainfoline\.com”.

3). Check “Block IIFL Trader” in your blocking policy.

4). Now IIFL trader can be blocked.

2. Block “Nest trader”

1). Add a new protocol named “Nest Trader”, choose a protocol type.

2). Add a new pattern, choose pattern “Type” as “TCP SEND”. Set pattern content as “^\x00\x00\x00\x13\x52\x55\x00\x0f\x6c\x69\x63\x65\x6e\x73\x65\x5f\x63\x68\x65\x63\x6b\x65\x72″.

3). Check “Block Nest Trader” in your blocking policy.

4). Done. Now Nest trader will also be blocked.

How to block youtube website access of network computers?

Since youtube video streaming can consume a lot bandwidth, you might want to block youtube access during working hours. This tutorial will guide you to setup an internet policy to block youtube access at work with WFilter 4.0 version.

You can block youtube at different levels:

  1. Block youtube access completely.
  2. Block youtube access during working hours.
  3. Block youtube videos, but allow youtube website.

1. Block youtube website completely

You can block youtube with WFilter’s “Website black list”, as shown in below figure:


You also can block youtube by blocking the “Streaming Media” website category. All streaming websites in WFilter url database will be blocked.

Access blocked.

Because youtube also provides HTTPS access, you need to enable a HTTPS black list to block HTTPS access of youtube.


HTTPS access blocked.

2. Block videos, but allow website access

If you want to allow youtube website, but block all videos. You can enable the “Block Online HTTP Video and Downloading of Video Files” option to do it.


How to customize WFilter reports by directly querying the database?

Though WFilter already has many reports by default, there has the chance that you need other report formats or data. In this case, you can directly query the database tables to get what you need.

It’s complicated to customize reports for WFilter file-based version. So you need to install WFilter database version first. For steps to install WFilter database version, please check: WFilter Database Version Installation Guide

There has a “web surfing time report” in “Detailed Reports”->”Web Report”, you can generate this report “by name” or “by website” in WFilter user interface. Now if you need to get a report of web surfing time both “by name” and “by website”, you need to customize a sql query. The data is stored in table “webreport” with below structure:


create table webreport
(

mac char(12) NOT NULL /* MAC address */
ip varchar(20) /* ip address */
acct varchar(200) /* domain username */
happendate varchar(10) /* date */
method char(1) /* 0 – get, 1 – post */
categoryid varchar(10) /* website category id */
host varchar(100) /* website domain name*/
visitcnt varchar(20) /* visits number */
duration varchar(20) /* surfing time in seconds*/

)


1. Web surfing time report by ip address

To get a report by ip address and websites for a certain date, you can execute a sql like:

select ip, host, sum(convert(int, duration)) cnt from webreport where happendate>=’20120803′ and happendate<’20120804′ and ip is not null group by ip, host order by ip, cnt desc

You will get such kind of data:

192.168.1.131 www.google.com 226
192.168.1.131 forum.imfirewall.us 192
192.168.1.131 ct1.addthis.com 180
192.168.1.131 l.yimg.com 180
192.168.1.131 sports.yahoo.com 153
192.168.1.20 m614.mail.qq.com 266
192.168.1.20 share.baidu.com 254
192.168.1.20 forum.imfirewall.us 200
192.168.1.20 hm.l.qq.com 180
192.168.1.20 info.iet.unipi.it 180

2. Web surfing time report by user

If you have “Account Monioring” enabled, you also can generate reports based on AD usernames. The sql will be:

select acct, host, sum(convert(int, duration)) cnt from webreport where happendate>=’20120803′ and happendate<’20120804′ and acct is not null group by acct, host order by acct, cnt desc

You will get such kind of data:

CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng www.google.com 226
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng forum.imfirewall.us 192
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng l.yimg.com 180
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng ct1.addthis.com 180
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng sports.yahoo.com 153
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng test.org.uk 96
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng www.yahoo.com 72
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng *.bc.yahoo.com 67
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng *.websense.com 59
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng *.g.doubleclick.net 34
CN=Users%2cDC=demo%2cDC=com%2fBruce_Geng www.google.com.hk 31


Please notice, the “acct” column is urlencoded. You need to urldecode it to get a readable username.

Online urldecode.