Test your inline URL content filter

Following on from this post, here’s an easy way to see what your content filter does and does not check. The steps are:

  1. Visit http://wirewatcher.net/urlfiltertest/testit.aspx
  2. Check your content filter logs to make sure there’s an impression.
  3. Click the “Submit me via GET” button. The page will refresh, albeit with the same content as it had originally.
  4. Check your content filter logs to make sure there’s an impression.
  5. Click the “Submit me via POST” button. The page will refresh, albeit with the same content as it had originally.
  6. Check your content filter logs to make sure there’s an impression. If there isn’t one, then your content filter isn’t being queried for POST requests.
  7. Visit http://wirewatcher.net:50000/urlfiltertest/testit.aspx
  8. Repeat steps 2 – 6 above. If you get no pages back at all, then it’s likely that there is some degree of egress filtering going on to prevent you from seeing the page (a good thing!). If there are no log impressions on the content filter, then your content filter isn’t being queried for HTTP on nonstandard ports.

If you want to, please posts your results as comments, together with:

  • The brand of content filter software
  • The type of intermediate device that is querying the content filter (router, firewall, proxy, etc.)


Alec Waters is responsible for all things security at Dataline Software, and can be emailed at alec.waters(at)dataline.co.uk

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 30 other followers

%d bloggers like this: