DNS Blacklist

DNS Blacklist

Overview

Set the DNSBL reference service to prevent users from visiting dangerous websites.
Before establishing a connection with "www.example.com", SafeSquid performs a DNS lookup for "example.com.in.dnsbl.org".
SafeSquid caches the DNS query results for efficiency.

Access the SafeSquid User Interface

Go to Configure Page

Goto configure.png

Go to Real-time Content Security

Go to real time content security.png

Go to DNS Blacklist Section

     
 
     
     

Global

Enabled

Enable or Disable the use of DNSBL service.
Disable this section if you do not want to query DNS blacklist services
  1. TRUE: Enable the DNS blacklist section.
  1. FALSE: Disable the DNS blacklist section.

Template

Name of the template to send when the domain is found to be blocked.
Leave this blank, to use the default Template "blocked".

Domain

This field needs to be filled in, only for making queries to blacklist services like DNSBL.
The website to query is appended with DNSBL's domain name.
For example: If you set DNSBL's domain name as "in.dnsbl.org", then before establishing a connection with "example.com", SafeSquid performs a DNS lookup for "example.com.in.dnsbl.org".

Notes
NOTE: You can also use any other service that provides similar DNS blacklist service.

Blocked IP addresses

Enter the comma-separated list of IP address ranges that can be returned by DNS blacklist queries after matching which cause the page to be blocked.
For example: If You set the domain name as "in.dnsbl.org" then it returns an IP in the range 127.0.0.1 to 127.0.0.6 for malafide servers.
Returned IP Convention for domain "in.dnsbl.org" are:
"127.0.0.2"=>"UCE", "127.0.0.3"=>"Fraud", "127.0.0.4"=>"Spam Promo", "127.0.0.5"=>"Illegal Content",
"127.0.0.6"=>"Pre-emptive", "127.0.0.7"=>"Improper List Practices" "127.0.0.8"=>"Botnet Activity / Malware".

Example

Rule#1
I want to block websites using my DNS blacklisting server.
I want to use the blacklisting domain as in.dnsbl.org.
The blocked IP address is to be set to 127.0.0.1-127.0.0.6
For all the matching entries block the domain.
The blocked domain will display SafeSquid’s blocked_bypass template.
DNS Blacklisting is used in a situation where Blocking of websites is done by a SOC-provided list of websites.
DNS Blacklisting should also be considered in a situation where there are a large number of domains to be blocked.
Once the DNSB blacklisting is configured, SafeSquid will look for the entry of the URL and the dnsbl domain you have configured.
Example: SafeSquid will check for the DNS record of google.com.in.dnsblbl.org in the db.in.dnsbl.org file, if found then the URL will be blocked else the page will be loaded.
Slide1-dnsbl.png




    • Related Articles

    • Access restrictions

      Overview Use Access Restriction to Allow/Deny access to SafeSquid's service for specific users/user groups. This allows you to specify the Access rights for various users and profile them into user groups for unique processing in other sections. In ...

    • Cookie Filter

      Overview Cookie Filter allows you to choose which hosts(websites), the browsers are allowed to send and receive the cookies. An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from ...

    • HTTPS Inspection

      Overview This section allows you to configure the overall operation to handle scanning of connections under HTTPS (HTTP over SSL). SSL (Secure Sockets Layer), is the standard security technology for encrypting a connection between a web server and a ...

    • Image analyzer

      Overview Use this section to prevent users from viewing pornographic image content. This section allows you to block inappropriate images by analysing the graphical content of an image, in real time. The default template replaces the blocked image ...