Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Victor
New Contributor III

Web Translators and Search Providers as Proxy Caches

I have opened up a call ticket with Fortinet on this issue as creating regex strings defeats the purpose of having categories. I cannot see any way - other than creating regex strings or blocking web translators - of blocking this bypass methodology. I am however quite new to the version 4 code so I am posing the question to the community. Is there a way in the version 4 code (I am using build 192) that I can selectively block these attempts based on the web filtering settings in the policy that the traffic takes?

Here are some examples of successful defeats of my web filtering policies:

http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=facebook.com&sl=es&tl=en

http://www.microsofttranslator.com/bv.aspx?ref=Internal&from=&to=en&a=youtube.com

http://babelfish.yahoo.com/translate_url?doit=done&tt=url&intl=1&fr=bf-home&trurl=http%3A%2F%2Fyoutube.com&lp=nl_en&btnTrUrl=Translate

http://fets3.freetranslation.com/?Url=http%3A%2F%2Fwww.facebook.com&Language=Spanish%2FEnglish&Sequence=core

http://www.systranlinks.com/trans?systran_lp=xx_en&systran_id=http://www.appliedlanguage.com/&systran_url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DPM20B53bNUQ|feature%3Dpopular

What is really interesting is that during school hours, I blackhole DNS requests for youtube and yet, using these translators, you would never know it was verboten. By the way, if I were a student, my money would be on Microsoft.

Victor
rwpatterson
Valued Contributor III

That "Freetranslation.com" opened my eyes... I have submitted the site to Fortiguard with the request they change the category from 'Reference' to 'Proxy Avoidance'. You can do that yourself at the following site: http://www.fortiguard.com/webfiltering/webfiltering.html

NOTE: I did notice that in each URL query, the actual web address is being passed. You may be able to use (.facebook\.com.) or (.youtube\.com.)..... If it appears anywhere in the URL, then no go....

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Victor
New Contributor III

Bob,

But each of these sites is not meant to be used as a proxy. Translation sites are useful and in an educational environment blocking them would be counter-productive. Creating regex strings would also be a nightmare. That is why I have created a call ticket with Fortinet so that they can work on finding a proper solution, similar to the blanking of images going to references that are blocked; or their enhancements in terms of safe search, which I had originally blocked with regex.

I am well aware of the rating service, but when you think of it, their rating is correct. To ask them to change it does a disservice to others. I constantly have this problem with the games category - which normally we block. I find that when the category does match the site, I simply place them into a local category (allowed or denied) and don't try to muddy the waters.

Victor
Victor
New Contributor III

Working with Fortinet we have found a solution of sorts. I still have to get it approved. The engineers working the rating servers had noticed this issue and noticed that some of the translators included the requested URL to be translated in their GET request. They added additional logic to parse and rate that second URL. For Google's translate service and Yahoo's Babelfish the second URL is captured and rated. At present, the Bing translator service (microsofttranslator.com) is not properly parsed, even though the website to be translated is there in the GET request. I have asked that I be informed when the rating servers can properly rate the Bing translator.

The solution works like this. In the protection profile you block cached content and web translation. You would think that simply cached content would do the trick, but that is not the case. You then add exceptions for the translators that Fortinet can properly classify in your URL filter for that profile.

Hope this helps.

Victor

P.S.: You might want to set up a special policy that allows cached content. We have had a spate of requests to unblock ancillary websites for social & government agencies and on investigation, have found that the site has been hijacked because the domain registration had lapsed. Generally these requests come in shortly after the hijack and using the cached content we can confirm that the URL was legitimate and not a typo error or a maliciously misdirected link.
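
The "parse and rate that second URL" idea described in the post above, as an added example that is not part of the original thread and not Fortinet's code: it extracts any hostname carried in a request's query string and rates it alongside the requested host. The `DENIED` set, the function names and the `example.org` URL in the test are assumptions made for illustration; the sample URLs are the ones quoted in the thread.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed policy for this example: domains the web filter denies.
DENIED = {"facebook.com", "youtube.com"}
HOST_RE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$")

def embedded_hosts(url):
    """Return hostnames found in the query-string values of a request URL."""
    hosts = []
    for _name, value in parse_qsl(urlsplit(url).query):
        for _ in range(2):  # tolerate values percent-encoded more than once
            value = unquote(value)
        value = value.strip()
        # A value is either a full URL ("http://youtube.com") or a bare host.
        candidate = value if "://" in value else "//" + value
        try:
            host = (urlsplit(candidate).hostname or "").rstrip(".")
        except ValueError:  # malformed netloc, e.g. unbalanced brackets
            continue
        if HOST_RE.match(host):
            hosts.append(host)
    return hosts

def is_denied(host):
    """True if host is a denied domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in DENIED)

def verdict(url):
    """Rate the requested host and every embedded host; any denied one blocks."""
    outer = (urlsplit(url).hostname or "").rstrip(".")
    for host in [outer] + embedded_hosts(url):
        if is_denied(host):
            return ("block", host)
    return ("allow", None)

# URLs quoted in the thread above, used as sample input.
SAMPLES = [
    "http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&layout=1&eotf=1&u=facebook.com&sl=es&tl=en",
    "http://babelfish.yahoo.com/translate_url?doit=done&tt=url&intl=1&fr=bf-home&trurl=http%3A%2F%2Fyoutube.com&lp=nl_en&btnTrUrl=Translate",
    "http://www.systranlinks.com/trans?systran_lp=xx_en&systran_id=http://www.appliedlanguage.com/&systran_url=http%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DPM20B53bNUQ|feature%3Dpopular",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(verdict(sample), sample[:60])
```

Because the check looks at every query value instead of one named parameter, it rates the embedded site whether the translator calls it `u`, `a`, `trurl`, `Url` or `systran_url`, and a translation request for an allowed site still passes.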