DNS blacklist

DNS blacklist

Overview

Set the DNSBL reference service to prevent users from visiting dangerous websites.
Before establishing connection with "www.example.com", SafeSquid performs a DNS lookup for "example.com.in.dnsbl.org".
SafeSquid caches the DNS query results for efficiency
Access the SafeSquid User Interface

Go to Configure Page

Goto configure.png

Go to Real time content security.

Go to real time content security.png

Go to DNS Blacklist Section

     
 
     
     

Global

Enabled

Enable or Disable the use of DNSBL service.
Disable this section if you do not want to query DNS blacklist services
TRUE: Enable DNS blacklist section.
FALSE: Disable DNS blacklist section.

Template

Name of the template to send when domain is found to be blocked.
Leave this blank, to use default Template "blocked".

Domain

This field needs to be filled in, only for making query to blacklist services like DNSBL.
The website to query is appended with DNSBL's domain name.
For example: If you set DNSBL's domain name as "in.dnsbl.org", then before establishing connection with "example.com", SafeSquid performs a DNS lookup for "example.com.in.dnsbl.org".
NOTE: You can also use any other service that provides similar DNS blacklist service.

Blocked IP addresses

Enter the comma separated list of IP address ranges that can be returned by DNS blacklist queries after matching which cause the page to be blocked.
For example: If You set domain name as "in.dnsbl.org" then it returns an IP in the range 127.0.0.1 to 127.0.0.6 for malafide servers.
Returned IP Convention for domain "in.dnsbl.org" are:
"127.0.0.2"=>"UCE", "127.0.0.3"=>"Fraud", "127.0.0.4"=>"Spam Promo", "127.0.0.5"=>"Illegal Content",
"127.0.0.6"=>"Pre-emptive", "127.0.0.7"=>"Improper List Practices" "127.0.0.8"=>"Botnet Activity / Malware".

Example

Rule#1
I want to block websites using my DNS blacklisting server.
I want to use blacklisting domain as in.dnsbl.org
Blocked IP address is to be set 127.0.0.1-127.0.0.6
For all the matching entries block the domain.
Blocked domain will display SafeSquid’s blocked_bypass template.
DNS Blacklisting is used in a situation where Blocking of websites are done by SOC provided list of websites.
DNS Blacklisting should also be considered in a situation where there are large number of domains to be blocked.
Once the DNSB blacklisting is configured, SafeSquid it will look for the entry of URL and the dnsbl domain you have configured. Example: SafeSquid will check for the DNS record of google.com.in.dnsblbl.org in the db.in.dnsbl.org file, if found then the URL will be blocked else the page will be loaded.
Slide1-dnsbl.png


    • Related Articles

    • Access restrictions

      Overview Use Access Restriction to Allow/Deny access to SafeSquid's service for specific user/user groups. Allows you to specify the Access rights for various users and to profile the users into user groups for being uniquely processed in other ...
    • Cookie Filter

      Overview Cookie Filter allows you to choose which hosts(websites), the browsers are allowed to send and receive the cookies. An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from ...
    • HTTPS Inspection

      Overview This section allows you to configure the overall operation to handle scanning of connections under HTTPS (HTTP over SSL). SSL (Secure Sockets Layer), is the standard security technology for encrypting a connection between a web server and a ...
    • Image analyzer

      Overview Use this section to prevent the users viewing pornographic image content. This section allows you to block inappropriate images by analysing the graphical content of an image, in real time. The default template replaces the blocked image ...