e2g5.3.4 timelists


Tim McGreevy

Dec 19, 2020, 3:26:06 PM
to e2guardian
Hello,

I am new to e2g.  I am trying to implement timed banned & exception lists.  I acknowledge that I may simply be ignorant of the proper syntax/method & limitations of v5.3.4.  Can anyone point me to an example for the proper method/syntax for implementing timed banned sites & timed exception sites?  I thought that the following conversation would have solved my problem, but I could not get bala's v5.3.1 implementation to work in 5.3.4, see URL below:
https://groups.google.com/g/e2guardian/c/V1yW0d6HXXY/m/mU1678p7CAAJ

Also, I am unable to consistently get a situation with a blanket block on SSL with a simple exception to work.  Perhaps there is something corrupted in my installation, or something I am unaware that needs to be reset and it is taking some random time for that event to take place, making it appear as an inconsistent implementation of a simple exception.  Perhaps the same issue is affecting my attempts at timed lists.

System/software
e2g5.3.4
squid (stopped it running, I understand it is optional in v5; I also tried with it running as well)
FF 84.0 (64-bit)
Lubuntu 18.04

examplef1.story
# To create blanket block for http 
# uncomment next line and one condition line.
function(checkblanketblock)
if(true,,502) return setblock  # = ** total blanket
#if(siteisip,,505) return setblock  # = *ip ip blanket

# To create blanket block for SSL 
# uncomment next line and one condition line.
#function(sslcheckblanketblock)
#if(true,,506) return setblock  # = **s total blanket
#if(siteisip,,507) return setblock  # = **ips ip blanket

Of course, to try a Blanket block of  SSL (HTTPS), I uncommented out the 2nd and 3rd from last lines above...

Several documented attempts:

bannedsitelist
# List categorisation
listcategory: "Banned Sites"

#####################################################################################################
###### 11:37 AM 
## Using 192.168.1.12:8080 as proxy, set in FireFox network settings
## Blanket block for HTTP; NO Blanket block for HTTPS/SSL, or other blankets
## Trying BANNEDLIST only (below); no TIMELIST
## Close FireFox (FF); restart e2guardian; (squid is not running)
## RESULTS >>>
## failed to block facebook.com or any site!
## Tried to list 'facebook.com' immediately below "listcategory: "Banned Sites", but that still fails.
## Tried to use 192.168.1.12:443 for HTTPS --> all HTTPS sites are blocked.
#####################################################################################################


#####################################################################################################
###### 11:39 AM 
## Using 192.168.1.12:8080 as proxy, set in FireFox network settings
## Blanket block for HTTP; NO Blanket block for HTTPS/SSL, or other blankets
## No BANNEDLIST; trying only TIMELIST (direct, no include file)
time: 11 49 11 51 0123456
## Close FireFox (FF); restart e2guardian; (squid is not running)
## RESULTS >>>
## neither facebook or youtube are blocked; had not restarted e2g until during window of time above; Am I required to restart e2g before start time above?  Try it below...
#####################################################################################################

#####################################################################################################
###### 11:51 AM 
## Using 192.168.1.12:8080 as proxy, set in FireFox network settings
## Blanket block for HTTP; NO Blanket block for HTTPS/SSL, or other blankets
## No BANNEDLIST; trying only TIMELIST (direct, no include file)
time: 11 53 11 54 0123456
## Close FireFox (FF); restart e2guardian; (squid is not running)
## RESULTS >>>
## same; neither facebook or youtube are blocked
## Does not appear that this method of TIMELIST works in e2g5.3.4
#####################################################################################################

Blanket Block on SSL (HTTPS):
I also tried blanket block for SSL, and adding an exception (without timed exception).  I have inconsistent results - sometimes it works, sometimes it does not.  I cannot figure out why.  I use the same scripts, and restart e2g and for extended periods of time it fails, then works later - I may have switched something, but after numerous attempts to document and monitor, I find no explanation.  

ULTIMATELY I DESIRE:
I desire a blanket block for SSL, with an exception list, and a timed exception list. 

STORYLINE
I presume that there is something required for me to do with using storylines, e.g. something along the lines below, but not working for me...
  • enact Blanket block on SSL in examplef1.story
  • #exception lists
    sitelist = 'name=exception,messageno=602,path=/etc/e2guardian/lists/exceptiontimelist'
    with below in exceptiontimelist
      time: 13 10 13 22 0123456
      facebook.com
      youtube.com
  • Results: This allows facebook.com & youtube.com, but even after 13 22, I still have access to the two sites.  Restarting e2g makes no difference; closing and restarting FF no difference (cache clears upon closing FF).  However, if I remove the two sites from the timed exception list, and add google.com, and only modify the end time (e.g. 13 25) then facebook & youtube are blocked upon restarting e2g, and google.com is allowed.  After 13 25, google.com continues to be allowed even if I restart FF browser.  So, the exceptiontimelist appears to work in terms of what is acknowledged as an exception, but does not remove the exception after the time.  Changing the time start to a time later than the time I am testing the script, results in google.com still being permitted.  So, it appears that the timelist is being treated as an untimed exception list.
  • Attempts to add to e2guardianf1.conf:
    • sitelist = 'name=exception,messageno=603,path=/etc/e2guardian/lists/exceptiontimelist'
      only appears to overwrite the exceptionsitelist

Any examples or other help would be great.  Is there a chance that I need to simply remove squid and reinstall e2g?  I will give that a try in the meantime.

Thanks,
Tim



Tim McGreevy

Dec 19, 2020, 8:31:09 PM
to e2guardian
Update:

  1. Updated from 18.04 to 20.04 Lubuntu; same FF (84.0)
  2. Used Synaptic to install e2g5.3.4
  3. Apparently the same edits made to the new e2g install
    1. blanket block HTTP & SSL
    2. exceptionsitelist - add youtube.com (no use of time, yet)
    3. manual proxy in FF --> 192.168.1.12:8080 for HTTP, HTTPS(SSL), FTP
    4. restart e2g
  4. Works first time
  5. Edit exceptionsitelist >> switch out google.com for youtube; restart e2g; works immediately
I manually checked the old files, content appears the same, except some comment lines.
Attempted to use old files, fails to work.

Not sure of problem, corrupted files or some missing character that I am not catching.

Consider this partially resolved.  Will try timelist (exception and banned) later... dinner.

Thanks,
Tim

Tim McGreevy

Dec 19, 2020, 8:56:58 PM
to e2guardian
Update2:

Attempted timelist:

exceptionsitelist:
# Added sites
time: 19 44 19 49 0123456
.Include</etc/e2guardian/lists/exceptiontimelist>

exceptiontimelist:

Testing:
before 19 44 --> blocks google.com; allows youtube.com (consistent with my expectations)
after 19 44, before 19 49 --> allows youtube.com and google.com (consistent with my expectations)
at 19 49, before 19 50 --> allows youtube.com and google.com (wasn't sure if it will end at 19 49 or 19 50...)
after 1949, e.g. 19 50 --> still allows google.com and youtube.com (inconsistent with my expectations)

So, either there is some issue with differences in clocks, I am missing something or misunderstanding how the time is to work, or this feature is not supposed to work in 5.3.4, or there is a bug.

Please advise.

Thanks,
Tim

Philip Pearce

Dec 21, 2020, 8:16:53 AM
to Tim McGreevy, e2guardian
1.  The syntax for the #time: directive is wrong - it must have a single '#' in front i.e. '#time: ' not 'time: '.

2.  The #time: directive applies to the whole of the file it is in.  So to do what I think you are trying to do the '#time: ...' needs to be in the exceptiontimelist

Regards
Philip
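
The two points in the reply above, written as a small lint over list files (an added example, not part of the thread and not e2guardian code). It checks only the 5.3.4-style `#time:` syntax; the finding codes, the field range checks, the path of exceptionsitelist and the contents of exceptiontimelist are assumptions of this example.

```python
import os
import re

# 5.3.4-style directive as described in the reply: "#time: SH SM EH EM DAYS".
# "##time:" (a commented-out example) deliberately does not match.
TIME_RE = re.compile(r"^(#?)time:\s*(.*)$")
INCLUDE_RE = re.compile(r"^\.Include<(.+)>\s*$")


def parse_time_fields(rest):
    """Parse 'SH SM EH EM DAYS'; raise ValueError on malformed input.

    The 0-23 / 0-59 / digits 0-6 ranges are this example's sanity checks.
    """
    parts = rest.split()
    if len(parts) != 5:
        raise ValueError("expected 5 fields, got %d" % len(parts))
    try:
        sh, sm, eh, em = (int(p) for p in parts[:4])
    except ValueError:
        raise ValueError("hours and minutes must be integers")
    if not (0 <= sh <= 23 and 0 <= eh <= 23):
        raise ValueError("hour out of range 0-23")
    if not (0 <= sm <= 59 and 0 <= em <= 59):
        raise ValueError("minute out of range 0-59")
    if not re.fullmatch(r"[0-6]+", parts[4]):
        raise ValueError("days must be digits 0-6")
    return sh, sm, eh, em, parts[4]


def lint_lists(files):
    """files maps list path -> text. Returns (path, lineno, code, message)."""
    findings = []
    has_time = set()   # files that carry any time directive, valid or not
    includes = []      # (parent path, line number, included path)
    for path, text in files.items():
        for lineno, raw in enumerate(text.splitlines(), 1):
            line = raw.strip()
            m = TIME_RE.match(line)
            if m:
                has_time.add(path)
                if m.group(1) != "#":
                    # Point 1 of the reply: it must be '#time: ', not 'time: '.
                    findings.append((path, lineno, "BARE_TIME",
                                     "write '#time:' with a single leading '#'"))
                    continue
                try:
                    parse_time_fields(m.group(2))
                except ValueError as exc:
                    findings.append((path, lineno, "BAD_TIME", str(exc)))
                continue
            m = INCLUDE_RE.match(line)
            if m:
                includes.append((path, lineno, m.group(1)))
    # Point 2 of the reply: the directive applies to the file it is in, so a
    # window in the parent says nothing about an included file.
    for parent, lineno, target in includes:
        if parent in has_time and target in files and target not in has_time:
            findings.append((parent, lineno, "TIME_NOT_INHERITED",
                             "put the '#time:' line inside %s" % target))
    return findings


def summarize(findings):
    """Reduce findings to (file name, line, code) for compact display."""
    return [(os.path.basename(p), n, code) for p, n, code, _ in findings]


LISTS = "/etc/e2guardian/lists/"

# Layout from "Update2" in this thread; the single entry in exceptiontimelist
# is constructed, because the post does not show that file's contents.
AS_POSTED = {
    LISTS + "exceptionsitelist":
        "# Added sites\n"
        "time: 19 44 19 49 0123456\n"
        ".Include</etc/e2guardian/lists/exceptiontimelist>\n",
    LISTS + "exceptiontimelist": "google.com\n",
}

# Same intent with both points of the reply applied (constructed).
CORRECTED = {
    LISTS + "exceptionsitelist":
        "# Added sites\n"
        "youtube.com\n"
        ".Include</etc/e2guardian/lists/exceptiontimelist>\n",
    LISTS + "exceptiontimelist":
        "#time: 19 44 19 49 0123456\n"
        "google.com\n",
}

if __name__ == "__main__":
    for label, files in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, summarize(lint_lists(files)))
```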



Tim McGreevy

Dec 21, 2020, 9:08:44 AM
to e2guardian
Thank you.  I will give that a try.  I have switched to the pre-release for 5.4.2r now, which I understand has a new syntax/method for 'time', which omits '#time:' altogether, and only uses the numerical values and spaces.  It appears to be working for me.

If you have time I have a different post: I can't seem to find a command (if any exists) to automatically clear cache of browsers when a timed blanket block is initiated. Is there one?  

Tim

Tim McGreevy

Dec 24, 2020, 1:45:42 PM
to e2guardian
Hi Philip,

Thanks for the tip on syntax for 'time'.  FYI - other documentation says any line starting with "#" is interpreted as a comment (threw me until your reply).

I tried 5.4.2r, still issues; made a separate post.
I went back to 5.3.4, tried omitting time altogether as well as setting time as '#time: 00 00 23 59 0123456' for both exceptionsitelist & refererexceptionsitelist.  I can access 'exceptionsitelist' but always fails with 'refererexceptionsitelist'

Code below.  There must be some minor but critical detail that I am missing, or something wrong with the debian compilation?

e2g version 5.3.4

examplef1.story
.Include</etc/e2guardian/common.story>
.Include</etc/e2guardian/site.story>

# To create blanket block for http 
# uncomment next line and one condition line.
function(checkblanketblock)
if(true,,502) return setblock  # = ** total blanket
#if(siteisip,,505) return setblock  # = *ip ip blanket

# To create blanket block for SSL 
# uncomment next line and one condition line.
function(sslcheckblanketblock)
if(true,,506) return setblock  # = **s total blanket
#if(siteisip,,507) return setblock  # = **ips ip blanket

site.story (no changes)

e2guardianf1.conf (no changes)

e2guardian.conf (no changes)

exceptionsitelist
#time: 00 00 23 59 0123456

refererexceptionsitelist
#time: 00 00 23 59 0123456


to restart e2guardian >> sudo service e2guardian restart

Fails to open link to www.whatismyreferer.com/ on the above webpage, response is
"Secure Connection Failed   An error occurred during a connection to www.whatismyreferer.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem."

Is there some certification/authentication setting required to avoid throwing the error above? Or is this simply some standard response?  I get the same response when I try to open anything not in the exceptionsitelist as well - so I presume that it is a generic response.

I am also attaching the log output from:  /var/log/e2guardian/access.log

1608835055.548 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 50 - 502 - 0 - no_name_group 1
1608835055.610 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835055.646 - 192.168.1.12 192.168.1.12 https://content-signature-2.cdn.mozilla.net:443 CONNECT 0 0 - - - 20 - 506 - 0 - no_name_group 1
1608835055.650 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835055.674 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835055.759 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835055.863 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835056.262 - 192.168.1.12 192.168.1.12 https://spocs.getpocket.com:443 CONNECT 0 0 - - - 44 - 506 - 0 - no_name_group 1
1608835056.329 - 192.168.1.12 192.168.1.12 https://getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 21 - 506 - 0 - no_name_group 1
1608835056.329 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835056.398 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 46 - 502 - 0 - no_name_group 1
1608835056.420 - 192.168.1.12 192.168.1.12 https://firefox.settings.services.mozilla.com:443 CONNECT 0 0 - - - 13 - 506 - 0 - no_name_group 1
1608835056.427 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835056.443 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 99 - 506 - 0 - no_name_group 1
1608835056.477 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835056.504 - 192.168.1.12 192.168.1.12 https://firefox.settings.services.mozilla.com:443 CONNECT 0 0 - - - 9 - 506 - 0 - no_name_group 1
1608835056.514 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835056.541 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835056.606 - 192.168.1.12 192.168.1.12 https://snippets.cdn.mozilla.net:443 CONNECT 0 0 - - - 44 - 506 - 0 - no_name_group 1
1608835056.639 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 13 - 506 - 0 - no_name_group 1
1608835056.641 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835056.643 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 24 - 506 - 0 - no_name_group 1
1608835056.646 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835056.660 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835056.667 - 192.168.1.12 192.168.1.12 https://firefox.settings.services.mozilla.com:443 CONNECT 0 0 - - - 6 - 506 - 0 - no_name_group 1
1608835056.673 - 192.168.1.12 192.168.1.12 https://location.services.mozilla.com:443 CONNECT 0 0 - - - 93 - 506 - 0 - no_name_group 1
1608835056.685 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835056.724 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835056.734 - 192.168.1.12 192.168.1.12 https://safebrowsing.googleapis.com:443 CONNECT 0 0 - - - 13 - 506 - 0 - no_name_group 1
1608835056.762 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835056.811 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835056.869 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 64 - 506 - 0 - no_name_group 1
1608835056.873 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 65 - 506 - 0 - no_name_group 1
1608835056.873 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835056.876 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 66 - 506 - 0 - no_name_group 1
1608835056.876 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835056.882 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835056.924 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835056.924 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 9 - 506 - 0 - no_name_group 1
1608835056.924 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835056.972 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 28 - 502 - 0 - no_name_group 1
1608835057.002 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835057.017 - 192.168.1.12 192.168.1.12 https://push.services.mozilla.com:443 CONNECT 0 0 - - - 75 - 506 - 0 - no_name_group 1
1608835057.031 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835057.083 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835057.138 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835057.449 - 192.168.1.12 192.168.1.12 https://duckduckgo.com:443 CONNECT 0 0 - - - 25 - 506 - 0 - no_name_group 1
1608835057.449 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 27 - 506 - 0 - no_name_group 1
1608835057.449 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 29 - 506 - 0 - no_name_group 1
1608835057.449 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 28 - 506 - 0 - no_name_group 1
1608835057.454 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 33 - 506 - 0 - no_name_group 1
1608835057.454 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 30 - 506 - 0 - no_name_group 1
1608835057.454 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 32 - 506 - 0 - no_name_group 1
1608835057.501 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 19 - 506 - 0 - no_name_group 1
1608835057.504 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835057.505 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 23 - 506 - 0 - no_name_group 1
1608835057.537 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835057.563 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835057.586 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835057.613 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 25 - 502 - 0 - no_name_group 1
1608835057.628 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 66 - 506 - 0 - no_name_group 1
1608835057.639 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835057.793 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835057.832 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 65 - 506 - 0 - no_name_group 1
1608835057.832 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835057.853 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835057.860 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835057.880 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835057.884 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835057.909 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835057.934 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835057.958 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835058.125 - 192.168.1.12 192.168.1.12 http://ocsp.digicert.com POST 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835059.087 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 67 - 506 - 0 - no_name_group 1
1608835059.087 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 65 - 506 - 0 - no_name_group 1
1608835059.091 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 66 - 506 - 0 - no_name_group 1
1608835059.233 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835059.271 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835059.304 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835059.332 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835059.357 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835059.380 - 192.168.1.12 192.168.1.12 https://avatars0.githubusercontent.com:443 CONNECT 0 0 - - - 15 - 506 - 0 - no_name_group 1
1608835059.380 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 14 - 506 - 0 - no_name_group 1
1608835059.381 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835059.381 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 16 - 506 - 0 - no_name_group 1
1608835059.385 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 23 - 506 - 0 - no_name_group 1
1608835059.385 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 19 - 506 - 0 - no_name_group 1
1608835059.385 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 18 - 506 - 0 - no_name_group 1
1608835059.389 - 192.168.1.12 192.168.1.12 https://avatars0.githubusercontent.com:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835059.449 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835059.453 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 6 - 506 - 0 - no_name_group 1
1608835059.455 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835059.456 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 6 - 506 - 0 - no_name_group 1
1608835059.456 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835059.456 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835059.457 - 192.168.1.12 192.168.1.12 https://avatars0.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835059.457 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835059.461 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 10 - 506 - 0 - no_name_group 1
1608835059.475 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 26 - 502 - 0 - no_name_group 1
1608835059.497 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835059.510 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835059.538 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835059.563 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835059.575 - 192.168.1.12 192.168.1.12 https://github.githubassets.com:443 CONNECT 0 0 - - - 6 - 506 - 0 - no_name_group 1
1608835059.589 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835059.614 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835059.799 - 192.168.1.12 192.168.1.12 https://github.com:443 CONNECT 0 57152 - - - 1777 - 602 *TRUSTED* Site match: github.com 0 - no_name_group 1
1608835059.806 - 192.168.1.12 192.168.1.12 https://github.githubassets.com:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835059.977 - 192.168.1.12 192.168.1.12 https://collector.githubapp.com:443 CONNECT 0 0 - - - 41 - 506 - 0 - no_name_group 1
1608835060.011 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 24 - 502 - 0 - no_name_group 1
1608835060.036 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835060.058 - 192.168.1.12 192.168.1.12 http://ocsp.digicert.com POST 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835060.064 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 25 - 502 - 0 - no_name_group 1
1608835060.089 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835060.114 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835060.139 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835061.526 - 192.168.1.12 192.168.1.12 https://www.whatismyreferer.com:443 CONNECT 0 0 - - - 322 - 506 - 0 - no_name_group 1
1608835061.569 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 31 - 502 - 0 - no_name_group 1
1608835061.639 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 27 - 502 - 0 - no_name_group 1
1608835061.669 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835061.693 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835061.718 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835061.741 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835062.094 - 192.168.1.12 192.168.1.12 https://push.services.mozilla.com:443 CONNECT 0 0 - - - 69 - 506 - 0 - no_name_group 1
1608835062.125 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835062.148 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835062.172 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835062.195 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835062.219 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835062.243 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835062.564 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835062.591 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835062.596 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835062.611 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835062.622 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835062.645 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835062.669 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835062.693 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835062.716 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1



Changing reportinglevel = 3 to reportinglevel = 2 in e2guardianf1.conf
1608835413.041 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 29 - 502 - 0 - no_name_group 1
1608835413.135 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 31 - 502 - 0 - no_name_group 1
1608835413.140 - 192.168.1.12 192.168.1.12 https://content-signature-2.cdn.mozilla.net:443 CONNECT 0 0 - - - 13 - 506 - 0 - no_name_group 1
1608835413.176 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835413.231 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 53 - 502 - 0 - no_name_group 1
1608835413.283 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 29 - 502 - 0 - no_name_group 1
1608835413.293 - 192.168.1.12 192.168.1.12 https://location.services.mozilla.com:443 CONNECT 0 0 - - - 108 - 506 - 0 - no_name_group 1
1608835413.386 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835413.810 - 192.168.1.12 192.168.1.12 https://spocs.getpocket.com:443 CONNECT 0 0 - - - 44 - 506 - 0 - no_name_group 1
1608835413.877 - 192.168.1.12 192.168.1.12 https://getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835413.884 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835413.918 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835413.951 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835413.966 - 192.168.1.12 192.168.1.12 https://firefox.settings.services.mozilla.com:443 CONNECT 0 0 - - - 17 - 506 - 0 - no_name_group 1
1608835413.979 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 53 - 506 - 0 - no_name_group 1
1608835413.983 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835413.993 - 192.168.1.12 192.168.1.12 https://firefox.settings.services.mozilla.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835414.012 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 24 - 502 - 0 - no_name_group 1
1608835414.040 - 192.168.1.12 192.168.1.12 https://snippets.cdn.mozilla.net:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835414.040 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.107 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 25 - 502 - 0 - no_name_group 1
1608835414.113 - 192.168.1.12 192.168.1.12 https://firefox.settings.services.mozilla.com:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.143 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.167 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.196 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.203 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 6 - 506 - 0 - no_name_group 1
1608835414.207 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.210 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.273 - 192.168.1.12 192.168.1.12 https://safebrowsing.googleapis.com:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.277 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 16 - 506 - 0 - no_name_group 1
1608835414.290 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.294 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.330 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.354 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.356 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.396 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835414.403 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835414.403 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835414.423 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835414.449 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.479 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835414.484 - 192.168.1.12 192.168.1.12 https://push.services.mozilla.com:443 CONNECT 0 0 - - - 70 - 506 - 0 - no_name_group 1
1608835414.503 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.532 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835414.777 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 13 - 506 - 0 - no_name_group 1
1608835414.820 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.865 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835414.897 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 27 - 502 - 0 - no_name_group 1
1608835414.925 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835414.949 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835414.980 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.001 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 23 - 506 - 0 - no_name_group 1
1608835415.001 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 23 - 506 - 0 - no_name_group 1
1608835415.004 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 27 - 506 - 0 - no_name_group 1
1608835415.005 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 27 - 506 - 0 - no_name_group 1
1608835415.007 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 28 - 506 - 0 - no_name_group 1
1608835415.007 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 30 - 506 - 0 - no_name_group 1
1608835415.012 - 192.168.1.12 192.168.1.12 https://duckduckgo.com:443 CONNECT 0 0 - - - 33 - 506 - 0 - no_name_group 1
1608835415.072 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 18 - 506 - 0 - no_name_group 1
1608835415.076 - 192.168.1.12 192.168.1.12 https://staticcdn.duckduckgo.com:443 CONNECT 0 0 - - - 21 - 506 - 0 - no_name_group 1
1608835415.076 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.104 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.115 - 192.168.1.12 192.168.1.12 http://ocsp.digicert.com POST 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.129 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.156 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835415.158 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835415.181 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.205 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.320 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835415.343 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835415.349 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835415.362 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835415.373 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835415.397 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835415.422 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835415.447 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835415.473 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835415.878 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 8 - 506 - 0 - no_name_group 1
1608835415.881 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 9 - 506 - 0 - no_name_group 1
1608835415.888 - 192.168.1.12 192.168.1.12 https://incoming.telemetry.mozilla.org:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835415.927 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835416.056 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835416.106 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 32 - 502 - 0 - no_name_group 1
1608835416.135 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835416.171 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835416.198 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835416.207 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835416.207 - 192.168.1.12 192.168.1.12 https://avatars0.githubusercontent.com:443 CONNECT 0 0 - - - 10 - 506 - 0 - no_name_group 1
1608835416.207 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 9 - 506 - 0 - no_name_group 1
1608835416.208 - 192.168.1.12 192.168.1.12 https://avatars0.githubusercontent.com:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835416.208 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 13 - 506 - 0 - no_name_group 1
1608835416.208 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835416.208 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835416.208 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835416.220 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 24 - 506 - 0 - no_name_group 1
1608835416.220 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 23 - 506 - 0 - no_name_group 1
1608835416.250 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835416.269 - 192.168.1.12 192.168.1.12 https://avatars0.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835416.270 - 192.168.1.12 192.168.1.12 https://avatars3.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835416.270 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835416.272 - 192.168.1.12 192.168.1.12 https://avatars1.githubusercontent.com:443 CONNECT 0 0 - - - 6 - 506 - 0 - no_name_group 1
1608835416.274 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835416.274 - 192.168.1.12 192.168.1.12 https://avatars2.githubusercontent.com:443 CONNECT 0 0 - - - 6 - 506 - 0 - no_name_group 1
1608835416.307 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835416.343 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835416.368 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835416.393 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835416.418 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835416.418 - 192.168.1.12 192.168.1.12 https://github.githubassets.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835416.440 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835416.642 - 192.168.1.12 192.168.1.12 https://github.com:443 CONNECT 0 57321 - - - 1666 - 602 *TRUSTED* Site match: github.com 0 - no_name_group 1
1608835416.643 - 192.168.1.12 192.168.1.12 https://github.githubassets.com:443 CONNECT 0 0 - - - 7 - 506 - 0 - no_name_group 1
1608835416.804 - 192.168.1.12 192.168.1.12 https://collector.githubapp.com:443 CONNECT 0 0 - - - 38 - 506 - 0 - no_name_group 1
1608835416.835 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835416.858 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835416.865 - 192.168.1.12 192.168.1.12 http://ocsp.digicert.com POST 200 0 - - - 19 - 502 - 0 - no_name_group 1
1608835416.881 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835416.906 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835416.959 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 50 - 502 - 0 - no_name_group 1
1608835416.981 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835419.143 - 192.168.1.12 192.168.1.12 https://img-getpocket.cdn.mozilla.net:443 CONNECT 0 0 - - - 12 - 506 - 0 - no_name_group 1
1608835419.575 - 192.168.1.12 192.168.1.12 https://push.services.mozilla.com:443 CONNECT 0 0 - - - 81 - 506 - 0 - no_name_group 1
1608835419.606 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835419.630 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835419.654 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835419.678 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835419.703 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835419.727 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1

NOW > Press the link in the github site... response is below...
1608835439.183 - 192.168.1.12 192.168.1.12 https://www.whatismyreferer.com:443 CONNECT 0 0 - - - 169 - 506 - 0 - no_name_group 1
1608835439.216 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1
1608835439.241 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835439.290 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 23 - 502 - 0 - no_name_group 1
1608835439.315 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 20 - 502 - 0 - no_name_group 1
1608835439.339 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 21 - 502 - 0 - no_name_group 1
1608835439.365 - 192.168.1.12 192.168.1.12 http://detectportal.firefox.com/success.txt GET 200 0 - - - 22 - 502 - 0 - no_name_group 1

Response to pressing github site is above...

I appreciate any help; I am sure it is something simple, but I can't seem to figure it out.

Happy Holidays.
Tim

Tim McGreevy

Dec 24, 2020, 2:45:11 PM
to e2guardian
Hi Philip, 

FYI - I have attempted yet another installation of e2guardian, wrapped/integrated with a docker, see https://github.com/beechfuzz/e2guardian-docker/wiki
No issues with installation.  It appears to utilize e2g 5.3.3.

I implemented the same edits to the examplef1.conf file (consistent with instructions per beechfuzz) and exceptionsitelist & refererexceptionsitelist files (no time is used, simple blanket block and always applied exceptions).  Exceptionsitelist works; refererexceptionsitelist does not work.

Regards,
Tim

Philip Pearce

Dec 29, 2020, 7:52:01 AM
to Tim McGreevy, e2guardian
Hi Tim,

I think your problem is with the refererexceptions - this works by looking in the http Referer: header field.

It looks from your description that you do not have https interception enabled.   You need to configure and enable MITM for this to work with https sites.   

With https the browser only sends a CONNECT request to the proxy, the http headers are sent after the encrypted TLS tunnel is established between the browser and the target server, so cannot be seen by e2g unless you have MITM working.

Enabling MITM would also mean that users get a meaningful block page on https requests.

Also, you need to note that refererexceptions only work for one layer down, so site pages that call other urls (e.g. images, css, etc) may not load completely without allowing these called sites.   Also, will not work at all if browser has Referer: switched off for privacy reasons.

Regards
Philip
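
What the reply above describes, as an added example (not e2guardian's code and not part of the original posts): a referer check can only use bytes the proxy can read, so a bare CONNECT tunnel never matches, an intercepted request can, and a sub-resource one layer further down does not. The one-entry list, the simplified domain match and all request bytes are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a refererexceptionsitelist with a single entry.
REFERER_EXCEPTIONS = {"github.com"}


def parse_request_head(raw: bytes):
    """Split what the proxy receives into method, target, headers and the rest."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, rest


def listed(host: str) -> bool:
    """Simplified site match (assumption): the listed domain or a subdomain."""
    return any(host == d or host.endswith("." + d) for d in REFERER_EXCEPTIONS)


def referer_exception(raw: bytes):
    """Return (allowed, reason) using only what is readable in `raw`."""
    method, target, headers, rest = parse_request_head(raw)
    referer = headers.get("referer")
    if referer is None:
        if method == "CONNECT":
            # Without interception the real request, Referer included, is
            # inside the TLS tunnel that follows the CONNECT.
            return False, (f"CONNECT {target}: no Referer, "
                           f"{len(rest)} opaque TLS bytes follow")
        return False, "no Referer header sent"
    host = urlsplit(referer).hostname or ""
    if listed(host):
        return True, f"Referer host {host} is listed"
    return False, f"Referer host {host} is not listed"


# --- Constructed sample requests -------------------------------------------
# 1. No interception: the proxy sees a CONNECT, then encrypted bytes.
TUNNEL = (b"CONNECT www.whatismyreferer.com:443 HTTP/1.1\r\n"
          b"Host: www.whatismyreferer.com:443\r\n\r\n"
          b"\x16\x03\x01\x00\x05hello")

# 2. With interception: the decrypted request inside the tunnel is readable.
INTERCEPTED = (b"GET / HTTP/1.1\r\n"
               b"Host: www.whatismyreferer.com\r\n"
               b"Referer: https://github.com/e2guardian/e2guardian\r\n\r\n")

# 3. One layer further down: the Referer is now the linked page itself.
SUBRESOURCE = (b"GET /logo.png HTTP/1.1\r\n"
               b"Host: static.example.net\r\n"
               b"Referer: https://www.whatismyreferer.com/\r\n\r\n")

# 4. Browser configured not to send Referer at all.
NO_REFERER = (b"GET / HTTP/1.1\r\n"
              b"Host: www.whatismyreferer.com\r\n\r\n")


if __name__ == "__main__":
    samples = [("tunnel", TUNNEL), ("intercepted", INTERCEPTED),
               ("sub-resource", SUBRESOURCE), ("no referer", NO_REFERER)]
    for label, raw in samples:
        allowed, reason = referer_exception(raw)
        print(f"{label:12} allowed={allowed!s:5} {reason}")
```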


Philip Pearce

Dec 29, 2020, 8:01:12 AM
to Tim McGreevy, e2guardian
Hi Tim,


Philip


Tim McGreevy

Dec 29, 2020, 6:18:29 PM
to Philip Pearce, e2guardian
Hi Philip,

Thank you for your feedback.

I had deduced that SSL MITM might be an issue.  I tried to follow a setup posted online for MITM setup, but I found that I need to configure authentication and certificates which I do not know how to accomplish.  Glancing at your reference for MITM instructions in your last reply I see that it does have some instructions on certificates.  Thanks, I will give it a try.

Meanwhile, before your reply, I did attempt to use a Docker for e2g (https://github.com/beechfuzz/e2guardian-docker) that does use SSL MITM and e2g 5.3.3.  From my understanding the Docker automatically generates the certificates and keys, per the website: "An E2Guardian Docker container with SSL MITM enabled by default; a secondary proxy is not required."   After install it appears the Docker/e2g does have CA and keys, as a subdirectory structure is created with what appear to be certificates and what not for the process.  However, I still could not access sites referenced by sites in the refererexceptionsitelist, even the 1st layer.  I CAN access the sites in the exceptionsitelist file.  As noted earlier, I tested the referring website (which is listed in the exceptionsitelist) outside of the e2g / proxy setup, and it does provide the header that permits determining the referring website.

However, as the last bit of instructions indicates, I must load into the browser manually the certificates.  I think this is the missing step.  However, when I do this (FireFox browser), I get a mixed response.  I can access sites on the exceptionsitelist, but sometimes it appears to still be attempting to load part of the content after a long time, e.g. images - perhaps this has something to do with embedded items.  But sometimes the entire website fails to load outright.  I tested with a different browser that does not have the certificates loaded and uses the system proxy, and the same page loads in full quickly - so it is not a webserver problem.  I am able to access some of the sites that are referred to by an exception site - perhaps some of them are setup differently regarding the headers /etc as you indicate.  

I will have to do some more testing, but perhaps this addressed the refererexceptionsitelist.  

I will likely try a direct install of e2g v5.4 now and give the manual certification/keys a shot.  

If you have any advice on the speed issue, that would be helpful.  I currently have a Linux machine (Lubuntu 20.04) running with e2g installed; 4GB ram, dual core CPU ~>2GHz processor, with plenty of hard drive space.  I would assume that this would be plenty to handle the encryption/decryption for SSL - or are my expectations out of line with reality?  I have not yet installed any Blacklist, only a very short exceptionsitelist, with the refererexceptionsitelist identical to the exceptionsitelist.

Thanks,
Tim

kd.gun...@googlemail.com

Dec 30, 2020, 9:08:55 AM
to e2guardian

> Thanks for the tip on syntax for 'time'.  FYI - other documentation says any line starting with "#" is interpreted as a comment (threw me until your reply).

Hi Philip,

I also find it very surprising to see that comments also may have active directives.
You also introduced the "." notation (e.g .Include / .Define )  for special directives,
couldn't we also use the "." notation for time ??

Klaus

Philip Pearce

Dec 30, 2020, 12:14:13 PM
to kd.gun...@googlemail.com, e2guardian
Hi Klaus,

The only one I introduced was the .Define directive.

The .Include, #time and #listcategory: directives and syntax within list files all come from Dansguardian and have been around for at least 16 years!

In v5.4 I introduced the .Include directive for .conf files, but the syntax is the same as has always been used in the lists files, except that relative paths are now allowed.

I agree it is confusing. I'll look at changing to .listcategory and .time in v5.5, but will have to also accept old syntax as well as there will be a lot of scripts being used that insert #listcategory: directives into list files!

(There are many other examples of #something being used as a directive as well as # as a comment.  Bash and perl for example where #! has special meaning at the top of the file)

Philip





kd.gun...@googlemail.com

Dec 30, 2020, 5:56:37 PM
to e2guardian
Hi Tim,

> Meanwhile, before your reply, I did attempt to use a Docker for e2g (https://github.com/beechfuzz/e2guardian-docker) that does use SSL MITM and e2g 

Nice finding, I didn't know about this project (I'm building my own docker container for e2guardian) 

As beechfuzz notes:
>  One of my biggest annoyances with E2Guardian is how scattered the information is. This makes it difficult to research and can turn people away  

I'm trying to consolidate the e2guardian documentation for the coming 5.5 version, but even I need some help for the parts in e2g which I don't understand ;-)

Klaus
