Zoltan B.

My feedback

  1. 4 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    By reading your latest comments I believe there is only item 2. left to have answered, about how to display blocking pages without HTTPS scanning.

    Unfortunately what you desire is technically not possible. We need to know at the very first request whether we are going to inspect that HTTPS traffic or not. Once that decision is taken, there is no way back for that connection. And at the very first request you rarely know whether that will be blocked or not. We can take only simple decisions like blocking based on a particular URL or not. After that, you can have lots of other policies applied that need further content, like AV scanning, bandwidth/time limitations, application detection and so on.

    I hope my answer was good enough for you for this item.

    Zoltan B. commented  · 

    Thank you for the detailed replies, they are greatly appreciated. Let me provide you with further feedback from our end on the items discussed earlier:

    1. We can consider to offer alternatively WebMonitor UI access over the more secure HTTPS protocol, we can check this for future releases. At this point I am not sure whether IIS (non-Express) version would be required only to offer HTTPS access, since IIS Express also supports this. However, this feature obviously will introduce some overhead of handling certificates and so on.
    2. Unfortunately, accepting the connection is not possible in the operation mode when you do not decrypt the traffic, and then at some point you decide that you wish to block that. The entire logic speaks against the purpose of HTTPS encryption. If you can modify traffic without encrypting it, it means you have hacked the sole purpose of HTTPS and you would make it irrelevant. That is why I have asked you to point out any product that can do this.
    In the article you have pointed out they are doing or not HTTPS decryption. Please note that we can also do that from WebMonitor, by editing Data\proxyConfig.xml file. There we can add exclusions for domains/users/IP addresses that will not have their HTTPS connections decrypted. But this does not bring you any closer to solving the initial problem.
    3. I have just made again a quick test with WebMonitor, by blocking a particular domain, and on the blocking page the domain name also appears that was blocked. We can investigate more the reason why in your case the URL is not included in the blocking page, but for this please open a support ticket.
    6. I understand your point now. However, I still believe the blocking page should necessarily contain dynamic data as well, like what is blocked and why - which means parametrized template. An alternate option would be to add to the current blocking page a section that can display custom text that the administrator defines, like numbers to call, people to contact etc. What do you think about this?

    Regarding your comments on how users can find out ways to access the WebMonitor console - that is already protected by the current product. Please check Settings->Advanced Settings->UI Access control section where you can set up a set of access policies to enable access only to specific users (IP addresses). Moreover, you can also customize what section your users should be able to access, for example restricting their access to monitoring only and not to be able to change settings. By default, users that are not added to the "Default Authorization Rule" do not have access to the configuration UI at all.

    And for the last item, we are also aware that SHA1 is getting obsolete, and we are considering to update also the certificate generation within the product with SHA2. However, please note that the generated certificate is used ONLY to encrypt the connection between the GFI Proxy and the client machines, so that happens in your local network only (i.e. traffic is not visible outside of your network).

    If you have further comments on what to improve on the product, they are more than welcome!

    Zoltan B. commented  · 

    Thank you for the detailed feedback. Please see my comments below for each item mentioned.

    1. IIS Express is a lightweight component that should suit the requirements of our product. Can you elaborate more on what exactly you cannot do with it? Do you only wish to have access to the UI over HTTPS instead of HTTP?
    2. I don't think this is technically possible. If WebMonitor proxy is not decrypting HTTPS traffic, all we can do is to drop the connection on CONNECT. We cannot write any response back to the client browser in this case. Do you know any other product that can display custom blocking message without HTTPS decryption?
    3. On the blocking page the domain is also displayed. Would you like to see there the full URL instead of the domain? Please note that full URLs can get extremely long.
    4. We will analyze the possibility to display more appropriate blocking pages in the scenarios described by you, for future versions.
    5. You have a valid point there, we will check this together with item 4).
    6. We can also consider this option. Can you please highlight the use case scenarios in which you would need to display custom blocking pages to clients instead of the default one? Would you need to be parametrized or just a static page all the time? (like also showing blocked URL, policy or other relevant data)
    7. This is a feature request that we already have it in mind, it is considered for future versions.
    8. There is currently a possibility to publish the WebMonitor UI also on the IP address for example:
    - Locate and edit WebUI\WebServer.config file within the WebMonitor installation folder
    - Locate the following xml node: "<binding>"
    - Insert a new child node under <binding> node:
    "<binding protocol="http" bindingInformation="*:1007:[IPADDRESS]" />" - where [IPADDRESS] refers to the IP address where the GFI proxy is listening
    - Restart the WebMonitor services

    Please note that we do not recommend publishing the WebMonitor configuration on a public IP address that is accessible remotely, due to security concerns.

  2. 2 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thank you for your feedback, your request will be considered for future versions.

  3. 1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    We have identified the reason why collecting of data seemed to take very long times when the configuration wizard was launched. This was due to browser caching of some old resources. We have made some adjustments to disable improper caching of resources, the latest WebMonitor public build should not have such issues anymore.

  4. 1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  3 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Most of the reports are working on statistical data (and not raw data) in order to improve performance. If you want to display raw URLs and see detailed activity, please use the "User Activity Log" report.

    Zoltan B. commented  · 

    [Comment date: 2015-03-02]
    Please note that logging the Full URL is still present in the latest WebMonitor version, but it has been made more flexible than before! You can configure within each WebMonitor policy whether you want data to be logged into the database, and whether you want full URL logging. By default, full URL logging is not enabled on the majority of policies, for performance reasons.

    Please refer to this option also in the product manual here:
    http://support.gfi.com/manuals/en/webmon2015/Default.htm#ADMINISTRATOR/Topics/Configuration/ElementLogging.htm

    Please let us know if you have any further questions.

  5. 2 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  2 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thank you for your feedback.

    Central configuration and central reporting over multiple WebMonitor instances is not yet in place, it is considered for future releases. As an alternate solution for managing central configurations, please see within the Interface\Bin folder a tool called WebMon.SettingsImporterTool.exe which can be used to easily export / import the application's settings.

  6. 8 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  3 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    The feedback button was decreased in size within the product, please see the latest public build available.

    Zoltan B. commented  · 

    The feedback bubble has been redesigned in the latest service release to occupy less apce, please update your current WebMonitor installation to the newest build if possible.

    Thanks for your feedback!

  7. 2 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thank you for your feedback.

    We will be considering your feedback when the overview page layout will be adjusted for future versions.

  8. 1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    I am not sure I understand your request, can you please describe in more details the scenario presented and what the exact issue is?

  9. 4 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thank you for your feedback.

    Currently the way the reports are generated within the product does not allow us fully flexible customizations, like freely selecting the columns on the report that is going to be generated. I am not sure whether we can do this, at least in the near future.

    However, since you are aiming for data that is included into an excel file, would it work for you to have a desired report generated (that has more columns than desired), export it (even automatically) into Excel and then manually remove the non-desired columns?

  10. 5 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thanks for sharing this idea.

    We will consider this for the next version.

  11. 2 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    We can consider this as a feature request for future versions, thank you.

    Can you please let us know how do you see this feature working when someone forgets his password? In that case we might not have any reliable mechanism to offer for the uninstall.

  12. 1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thank you for the feedback. Your request has been noted and will be considered for future versions.

  13. 2 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thank you for your feedback.

    Implementing widget-like functionality in the format you mentioned would mean installing a small agent on each machine. Would that work for you?

    What about an alternate solution of allowing access to some parts of the WebMonitor user interface that can be used to display statistics via some customized URL, for each user?

  14. 4 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    We are strongly considering this for the next version, thank you for your feedback!

  15. 1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Thank you for your feedback.

    We will definitely consider improving the filtering options on reports also for the categories section, for future WebMonitor versions.

  16. 2 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Most of the reports are working on statistical data (and not raw data) in order to improve performance. If you want to display raw URLs and see detailed activity, please use the "User Activity Log" report.

    Please note that in order to store full URLs, each policy need to be configured with the option "Enable full URL logging".

  17. 3 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    Can you elaborate more on this? Are you referring to the WebMonitor product?

  18. 1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  11 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    [Comment date: 2015-03-01]
    Thank you for sharing this idea.

    Right now the blocking window shows the web site that was blocked, not the full URL. The complete URL in some cases can be several hundreds characters long, which could not be displayed in the blocking window nicely.

    The category of the blocked web site is not displayed, since in many cases it is not relevant - i.e. blocking is not made by the category. However, we can consider to display categories as well for a future release.

    Please let us know what other possible improvements do you see on the blocking page / other parts of the product.

    Zoltan B. commented  · 

    [Comment date: 2015-03-02]
    Thanks for the detailed explanation. Let's take the items one by one ...

    - Customizing the blocking page is considered for future releases, but not necessary in terms of design but more in terms of content. If you tell us exactly what parts and in which way you want to customize, we can suggest possible solutions.

    - Allowing request for (temporary) access is a feature being developed, it will be present in the next release, soon! Such requests will be visible both within the notification center and also in emails sent to the administrator. The administrator can then decide whether to (temporary) approve them or not.

    - Administrator can be alerted by email messages, within each policy, if configured so. Also, blocking action within policies can create entries in the "Notiications" section visible in the WebMonitor UI. Is this what you were looking for?

    Please also share other ideas if you feel the product can be improved in any way.

    Zoltan B. commented  · 

    [Comment date: 2015-03-03]
    Can you please first specify which WebMonitor build you are using, so that I can guide you exactly to the proper locations for configurations?

    Zoltan B. commented  · 

    [Comment date: 2015-03-04]
    I have realized now the cause for which we were not understanding each other well enough. You are using the WebMonitor agent included in the MAX Remotemanagement suite, that is a separate product / thread.

    The GFI WebMonitor section within the ideas pages refer to the stand-alone application, for MAX Remotemanagement you have a separate section, please post your comments there.

    What I have written above on the new features / available features refers to the WebMonitor standalone product, which is richer in terms of features. I would recommend to you to evaluate our current (or the upcoming) stand-alone edition.

    Zoltan B. commented  · 

    [Comment date: 2015-03-04]
    The standalone product already offers several parts of what you were requesting. The blocking page present in the standalone product offers more details and more detailed descriptions on what has happened, it also has a different style. Notifications are also nicely integrated within the product, which can be made via email and/or within the within configuration console.

    Requesting temporary access will be present within a future version very soon, but I am not allowed to tell you the exact date.

    If you need improvement on the RM edition, please post your idea / request in that section within the GFI Ideas web site.

    Zoltan B. commented  · 

    Apparently you are not using WebMonitor standalone edition, where the blocking screen is replaced / updated with more information.

  19. 3 votes
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  4 comments  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    [Comment date: 2015-03-02]
    Thanks for sharing this idea.

    You can check which sites your users are visiting (grouped by user) and an approximation on how long they are browsing each site - including the time of the first visit, by running the "Surt Time Report".

    We are also doing deep package inspection on the HTTP(S) traffic, in order to determine which applications / web services are used in the network. You can run the "Detailed Application Usage" report to see for each user which applications were used and also the number of hits. If present, you will see the activity made on Facebook, chats and other supported applications. We identify at least 600+ web applications that use HTTP(S) protocols. This should basically cover what you asked for, to see what the users are doing within the sites.

    Is this ok for you or on which manner would you like these reports to be extended?

    Zoltan B. commented  · 

    [Comment date: 2015-03-03]
    Actually it would be quite tricky to combine both reports and tie applications detected with surf time, because data can be misleading.

    As an example, a chat client application that generates requests every minute, could be seen as generating surf time activity during the whole day, if it is left running in the background. In reality, the user might not be using the application to stay on chat, but just have it running. Surf time is not always relevant for applications.

    So there can be lots of controversial situations.

    If you let us know which exact fields you would see within a the report, what grouping/sorting options and from logical point of view how you see the data correlated between them, we can definitely check and tell you whether it's possible to do it.

  20. 1 vote
    Sign in
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Collecting Feedback  ·  1 comment  ·  GFI WebMonitor  ·  Flag idea as inappropriate…  ·  Admin →
    Zoltan B. commented  · 

    [Comment date: 2015-03-02]
    Thanks for sharing the idea, we will consider this as a feature request for the next releases.

    Can you please also let us know the exact scenario for which you need this separation of protocols, so that we understand your exact use case scenario?

← Previous 1

Feedback and Knowledge Base