Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » IP specific HTTP restrictions (Trying to prevent 3 PCs from accessing the internet except for MS updates and Malwarebytes.)
  •  
muchosnachos

Messages: 4
Karma: 1
Send a private message to this user
Hi Everyone,

(Kerio Control version 7.2.3 Build 4445.)

We are trying to configure a traffic rule in order to prevent 3 fixed IP machines from accessing the internet (all services) except for the predefined Microsoft Update (*update.microsoft.com/* etc.) sites and the Malwarebytes (*data-cdn.mbamupdates.com/*) update server.

The machines are all connected to the domain, but we do not use the AD accounts within Control, as we only use the Users config page to set up VPN users.

We have additional rules for general users regarding access to certain sites using HTTP policy and time definitions and so these cannot be effected by any rules put in place for the above.

We're a bit clueless about this so if you need any more info then please ask, we'd be grateful for any help.

Regards

Ben

  •  
Lucian Maly (Kerio)

Messages: 136
Karma: 8
Send a private message to this user
If you enable the "Source" column in URL rules, you will be able to achieve what you need (create rules based on IP addresses). See my screenshot:
./fa/2931/0/


Kerio Technologies AU Pty Ltd.
  •  
muchosnachos

Messages: 4
Karma: 1
Send a private message to this user
Hi Lucian,

Thanks for the reply, we've just implemented this in our HTTP policy and it works perfectly.

We really appreciate the help, cheers!

Kind Regards

Ben
  •  
chrwei

Messages: 200
Karma: 11
Send a private message to this user
I'm also trying to do this, and it seems to only affect the http traffic. https is still allowed, and all non-http traffic is allowed. clever users can get around this filter.

adding traffic rules to block all services except http seems to finish it off. The trick is allowing http in the traffic rules so the transparent proxy can apply the http policy filters to allow by url.
  •  
sorat

Messages: 59
Karma: 2
Send a private message to this user
In kerio 8.2 this feature is removed! We need it back!!!
Previous Topic: Kerio Control+StaticIP on ADSL+Kerio VPN CLient
Next Topic: Internet Explorer 10-11 don't authenticate no more
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 15:52:16 CET 2017

Total time taken to generate the page: 0.00426 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.