Unofficial E2guardian package for pfSense



  • @jetberrocal:

    So still web browsers pass without asking user/pass.

    I'm installing squid to do some authentication tests



  • @marcelloc:

    @jetberrocal:

    So still web browsers pass without asking user/pass.

    I'm installing squid to do some authentication tests

    Thanks.  Without authentication the Groups are not really used.



  • @jetberrocal:

    Thanks.  Without authentication the Groups are not really used.

    METHOD 1(sandwich mode)

    on e2guardian,

    • select tinyproxy as parent proxy (127.0.0.1:8888)

    • create a second group and include a user on it

    • on general tab, Selected proxy-basic and proxy digest

    • save, apply

    on squid,

    • configured local authentication

    • create a test/lab user

    • configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only

    • save

    METHOD 2

    on e2guardian,

    • select squid not on loopback as parent proxy (192.168.0.38:3128)

    • create a second group and include a user on it

    • on general tab, Selected proxy-basic, proxy-ntlm(maybe optional) and proxy-digest

    • save, apply

    on squid,

    • listen squid on lan interface

    • configure local authentication

    • create a test/lab user

    • save

    with these setups, I have users under e2guardian logs



  • @marcelloc:

    @jetberrocal:

    Thanks.  Without authentication the Groups are not really used.

    METHOD 1(sandwich mode)

    on e2guardian,

    • select tinyproxy as parent proxy (127.0.0.1:8888)

    • created a second group and included lab user on it

    • on general tab, Selected proxy-basic and proxy digest

    • save, apply

    on squid,

    • configured local authentication

    • created a lab user

    • configured remote cache with e2guardian ip, port peer type parent method round-robin and proxy only

    METHOD 2

    on e2guardian,

    • select squid not on loopback as parent proxy (192.168.0.38:3128)

    • created a second group and included lab user on it

    • on general tab, Selected proxy-basic, proxy-ntlm(maybe optional) and proxy-digest

    • save, apply

    on squid,

    • configured local authentication

    • created a lab user

    with these setups, I have users under e2guardian logs

    I tried method two, but selecting only proxy-basic.  Set the ip of the squid/proxy which is 192.168.1.1 (the same as e2g and pfsense - they are on same server/box).

    But did not work.  e2g could not connect to squid for some weird reason.

    Tried again, but now I set both IP and port of squid even if port was default value.  This time worked.



  • Try a service stop/start and try to watch the traffic with tcpdump.

    You can also test on console if a telnet in squid port connects.



  • I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

    I think the error is some missing code for the ssl regex section, because looking at the folder the other *.g_Authenticated files are being created.

    I guess I can create the file manually as a work around, but I prefer that this is solved in the code.



  • I'll test again with the ssl inspection enabled to see if still has something to fix.



  • @jetberrocal:

    I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

    Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.



  • @jetberrocal:

    I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

    fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed

    
    fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
    
    


  • @marcelloc:

    @jetberrocal:

    I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

    Got the same error with the subsequent groups. I'll check the code to see what is wrong and tell you when it's fixed.

    It is good that you could replicate the problem.

    Thank you for your efforts.



  • @marcelloc:

    @jetberrocal:

    I am still missing the fix to the sslsiteregexplist.g_Authenticated: No such file or directory error.

    fetch the e2guardian.inc file again via ssh, edit and save config and see if it's finally fixed

    
    fetch -o /usr/local/pkg/e2guardian.inc https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/usr/local/pkg/e2guardian.inc
    
    

    Done.

    It worked.  File was created in the folder and was found.

    Thank you again.

    This was a minor error but I guess the pfsense people are being critical and that is why it is still not on the pfsense repo.



  • @jetberrocal:

    Thank you for your efforts.

    Except for the clamav integration and coexistence with squid setup (I did not have time to test yet), I'm running e2Guardian with ssl interception (facebook, youtube videos), authentication and non-sandwich mode.

    E2guardian 3.5.1 with 4.1 backport cert fix is working really nice.  8)



  • @marcelloc:

    @jetberrocal:

    Thank you for your efforts.

    Except for the clamav integration and coexistence with squid setup (I did not have time to test yet), I'm running e2Guardian with ssl interception (facebook, youtube videos), authentication and non-sandwich mode.

    E2guardian 3.5.1 with 4.1 backport cert fix is working really nice.  8)

    In my opinion it is ready for a version 1.0 in the pfsense repo.  In my case I feel I already have the features I need for production.



  • If you need wpad or planning to test, I've finished a package for it on my repo.



  • @marcelloc:

    If you need wpad or planning to test, I've finished a package for it on my repo.

    I use wpad but do not use it for "Auto detect" proxy, because Windows OS machines have a bug that fails to auto detect successfully.  They do download the wpad file but they do not update the file correctly.  They have a registry key/value that is set the first time with the wpad file if any found, but later if the wpad changes or is found, the registry key fails to be updated.  It is easier to create a Domain gpo setting the wpad.

    It would be nice to be able to download directly from pfsense box instead of having another web server to serve it.



  • @jetberrocal:

    It would be nice to be able to download directly from pfsense box instead of having another web server to serve it.

    Take a look when you have time.

    https://forum.pfsense.org/index.php?topic=131169.0



  • Cron was already installed. I installed Squid next to it.

    I did the complete reinstall as per my previous post of yesterday, now no errors during install, yet same errors in status/system logs after enabling e2guardian, and neither e2guardian nor tiny start in Status/Services.

    May 26 16:16:52    root        /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
    May 26 16:16:52    e2guardian    69964    Error parsing the e2guardian.conf file or other e2guardian configuration files
    May 26 16:16:52    e2guardian    69964    Error reading filter group conf file(s).
    May 26 16:16:52    e2guardian    69964    Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
    May 26 16:16:52    e2guardian    69964    Error opening bannedsitelist
    May 26 16:16:52    e2guardian    69964    Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
    May 26 16:16:52    e2guardian    69964    Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
    May 26 16:16:52    e2guardian    69964    Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
    May 26 16:16:34    php-fpm    58737    /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
    May 26 16:16:34    root        /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
    May 26 16:16:34    e2guardian    61336    Error parsing the e2guardian.conf file or other e2guardian configuration files
    May 26 16:16:34    e2guardian    61336    Error reading filter group conf file(s).
    May 26 16:16:34    e2guardian    61336    Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
    May 26 16:16:34    e2guardian    61336    Error opening bannedsitelist
    May 26 16:16:34    e2guardian    61336    Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
    May 26 16:16:34    e2guardian    61336    Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
    May 26 16:16:34    e2guardian    61336    Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
    May 26 16:16:34    php-fpm    58737    /pkg_edit.php: Starting E2guardian
    May 26 16:16:29    php-fpm    89842    /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'



  • @Mr.:

    yet same errors in status/system logs after enabling e2guardian

    Looks like you did not configure all the tabs or did not install any blacklist (shallalist for example).



  • OMG!! Now everything is working perfectly! Certificates are forged and have the required SAN (Subject Alternative Name) for Google Chrome, Firefox etc to work.
    Here's my sexy page at home :P – 'KorTeX' is just what I call my network.

    I only have one issue still. When a page is blocked by ShallaList, or by banned expressions / phraselists. On the report page (block page) it does not correctly tell you what the page was categorised as (it says N/A as you can see on my screenshot) . For example, using the Smoothwall I have at my College, if you try to go to a blocked site, it will tell you why it was blocked and the correct category. When using E2G, currently it just says "Blocked site : whatever.com". If that was fixed it would be even more AMAZING!

    Another issue is FALSE POSITIVES. I guess it's my configuration related but why is Yandex images, or Bing Images link being classified as Portuguese pornography? Without anything being typed in or searched? Are the phraselists up to date?

    Also… On Smoothwall blocking... I realised, when you block adverts using their Guardian Proxy, it doesn't show the block page. Instead it says "advert blocked". Which makes sense, because say for example you're on a website and it's trying to load an ad in a DIV, the block page will show in a small tiny box and be useless. If possible, I'd much rather have it become a white box, or just say advert blocked. Let me know if you want a screenshot or an example of what I mean. But essentially, adverts on websites get replaced by the block page, but because the ads are small, it doesn't display the block page properly and it won't make sense. Since the text would be too small anyways.

    Once again, thanks for your fantastic work Marcello! Absolutely love the amazing work you do for the community! <3



  • Pfsensation

    Maybe the category problem is an e2g v 3.5.1 bug.

    Perhaps you can post a question on the e2g forum how to work this problem.

    I also have the problem here with this e2g.



  • So I hate to be the guy who probably missed a step somewhere and has no idea what he did wrong, but here's my issue. I installed e2Guardian, installed the shallalist and got URL blocking working, but I cannot get the phrase list working at all. Zero. Nada. I've tried going to keywords that are listed in the files for the categories I selected. No blocking. I even edited the config section under ACLs > Phrase List > Banned List > Config file and added the following to it: <jonathan> Then I tried to pull up a website with the name Jonathan on it - no blocking whatsoever.

    I'm pulling my hair out on this. Can anyone tell me what step I might have missed that is causing the phrase blocking to not work? Again, I'm really sorry to be the guy who is probably asking a really dumb question.

    Thanks in advance,

    Jonathan



  • The site you're testing has Jonathan on the url or on page content?



  • @marcelloc:

    The site you're testing has Jonathan on the url or on page content?

    Thanks for the reply. It had the word in the page content. Am I misunderstanding something? Is there a way to block a site based on phrases in the page content?



  • @jkrueger2020:

    @marcelloc:

    The site you're testing has Jonathan on the url or on page content?

    Thanks for the reply. It had the word in the page content. Am I misunderstanding something? Is there a way to block a site based on phrases in the page content?

    Sure. This is what e2guardian does. Check if your requests are getting logged and set log to dansguardian style. This way you can check more details.



  • @marcelloc:

    @Mr.:

    yet same errors in status/system logs after enabling e2guardian

    Looks like you did not configure all the tabs or did not install any blacklist (shallalist for example).

    Thank you, also for testing it yourself in a clean install.

    As far as I know, I have been through every tab, every field. I uncommented some default categories, added ports 8080 and 8888 (as I don't use Squid), but still, it doesn't work.

    May 28 18:08:59    php-fpm    62161    /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Unable read plugin config plugname variable: /usr/local/etc/e2guardian/authplugins/proxy-header.conf auth_plugin_load() returned NULL pointer with config file: /usr/local/etc/e2guardian/authplugins/proxy-header.conf Error loading auth plugins Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
    May 28 18:08:59    root        /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
    May 28 18:08:59    e2guardian    65089    Error parsing the e2guardian.conf file or other e2guardian configuration files
    May 28 18:08:59    e2guardian    65089    Error loading auth plugins
    May 28 18:08:59    e2guardian    65089    auth_plugin_load() returned NULL pointer with config file: /usr/local/etc/e2guardian/authplugins/proxy-header.conf
    May 28 18:08:59    e2guardian    65089    Unable read plugin config plugname variable /usr/local/etc/e2guardian/authplugins/proxy-header.conf
    May 28 18:08:59    php-fpm    62161    /pkg_edit.php: Starting E2guardian
    May 28 18:08:54    php-fpm    59553    /pkg_edit.php: [E2guardian] - Save settings package call pr: bp: rpc:no

    Is there any way we can find out what is going on?



  • Disable authentication plugins. Test e2guardian itself before testing authentication integration



  • Is there any way to get some useful logging? For example being able to see which user tried to access blocked content etc?

    I know there's some logging options but it's confusing. And I have no idea where it's actually saving the logs.

    Also, I've added a bypass button to my block page. However, how do I make it appear for only certain groups? Currently it appears for everyone but only someone from a group with bypass access can use it.



  • @marcelloc:

    Disable authentication plugins. Test e2guardian itself before testing authentication integration

    Thank you.

    I actually enabled them all because of your suggestion I hadn't configured everything. It didn't work when none were activated, it didn't work when I activated them, and now I disabled it and it still doesn't work.

    May 28 22:21:42    php-fpm    10115    /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
    May 28 22:21:42    root        /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
    May 28 22:21:42    e2guardian    15628    Error parsing the e2guardian.conf file or other e2guardian configuration files
    May 28 22:21:42    e2guardian    15628    Error reading filter group conf file(s).
    May 28 22:21:42    e2guardian    15628    Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
    May 28 22:21:42    e2guardian    15628    Error opening bannedsitelist
    May 28 22:21:42    e2guardian    15628    Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
    May 28 22:21:42    e2guardian    15628    Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
    May 28 22:21:42    e2guardian    15628    Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
    May 28 22:21:42    php-fpm    10115    /pkg_edit.php: Starting E2guardian



  • @Mr.:

    
    Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
    Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
    Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
    Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
    
    

    Still looks like you did not apply a blacklist yet. :(
    What blacklist are you using? I'll test with the same here to see if I get same results.
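
A pre-flight check for the startup failure quoted above, added here as an example (it is not part of the thread or of the package): e2guardian list files pull in blacklist categories with `.Include<path>` lines, and one missing target is enough to abort startup. The function names and the sample tree are constructed for illustration; only the directory layout is taken from the error messages.

```shell
#!/bin/sh
# Added example: report every active .Include<...> target that is referenced
# from an e2guardian list file but does not exist on disk.

# missing_includes [DIR]
#   Prints "listfile: missing-target" per missing include and returns 1,
#   or prints nothing and returns 0 when every include resolves.
missing_includes() {
    dir=${1:-/usr/local/etc/e2guardian/lists}
    out=$(
        for list in "$dir"/*; do
            # Only the list files themselves are scanned, not category directories.
            [ -f "$list" ] || continue
            # Lines starting with '#' are disabled categories and are skipped.
            sed -n 's/^[[:space:]]*\.Include<\([^>]*\)>.*$/\1/p' "$list" |
            while IFS= read -r target; do
                { [ -f "$target" ] && [ -r "$target" ]; } ||
                    printf '%s: %s\n' "${list##*/}" "$target"
            done
        done
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# make_sample
#   Builds a constructed lists/ tree in a temp dir: one category is present
#   (ads), one is referenced but was never downloaded (adult), one is commented out.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lists/blacklists/ads"
    : > "$root/lists/blacklists/ads/domains"
    cat > "$root/lists/bannedsitelist.g_Default" <<EOF
# constructed sample list file
.Include<$root/lists/blacklists/ads/domains>
.Include<$root/lists/blacklists/adult/domains>
#.Include<$root/lists/blacklists/warez/domains>
EOF
    printf '%s\n' "$root"
}

sample=$(make_sample)
missing_includes "$sample/lists" || echo "includes are missing: download/apply the blacklist first"
rm -rf "$sample"
```

On the firewall itself, calling `missing_includes` with no argument checks the directory named in the errors.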



  • @pfsensation:

    Is there any way to get some useful logging? For example being able to see which user tried to access blocked content etc?

    I can add the realtime tab from squid package

    I know there's some logging options but it's confusing. And I have no idea where it's actually saving the logs.

    @pfsensation:

    Also, I've added a bypass button to my block page. However, how do I make it appear for only certain groups? Currently it appears for everyone but only someone from a group with bypass access can use it.

    At least on gui, the report file is set for everyone.  I'll take a look if there is a way to set a html report per group when I have time.



  • E2g logs are supposed to be in var/logs/e2guardian/access.log by default. But can be configured in the conf files.
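
One way to answer the "which user hit a blocked page" question from the access log, added here as an example (not code from the thread or the package). It assumes the space-delimited format seen in the log lines posted in this thread: date, time, user, client IP, URL, then `*DENIED*` and the reason before the HTTP method. The first sample line is taken from the thread; the `labuser` lines and the function names are constructed.

```shell
#!/bin/sh
# Added example: pull blocked requests out of an e2guardian access.log.

# denied_requests LOGFILE
#   One tab-separated line per blocked request: user, client IP, URL, reason.
#   The user column is "-" when no auth plugin identified the client.
denied_requests() {
    awk '
    index($0, "*DENIED*") {
        d = 0
        for (i = 1; i <= NF; i++) if ($i == "*DENIED*") { d = i; break }
        if (!d) next
        reason = ""
        # The reason runs from the marker up to the HTTP method token.
        for (i = d + 1; i <= NF; i++) {
            if ($i ~ /^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH)$/) break
            reason = reason (reason == "" ? "" : " ") $i
        }
        printf "%s\t%s\t%s\t%s\n", $3, $4, $5, reason
    }' "$1"
}

# denied_by_client LOGFILE
#   Blocked-request count per (user, client IP), highest first.
denied_by_client() {
    denied_requests "$1" |
    awk -F '\t' '{ n[$1 "\t" $2]++ }
                 END { for (k in n) printf "%d\t%s\n", n[k], k }' |
    sort -rn
}

# sample_log
#   Writes a small sample log to a temp file and prints its path.
#   Line 1 is from the thread; the rest are constructed.
sample_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
2017.5.28 20:33:52 - 192.168.2.51 https://mtalk.google.com:443 *DENIED* Blocked HTTPS site: mtalk.google.com CONNECT 0 0  1 403 -  Default   - -
2017.5.28 20:34:02 - 192.168.2.51 https://www.google.com:443  CONNECT 297 0  1 200 -  Default   - -
2017.5.28 20:40:10 labuser 192.168.2.60 http://ads.example.test/banner.js *DENIED* Banned site: ads.example.test GET 0 0 ads 2 403 text/html  Authenticated   - -
2017.5.28 20:40:12 labuser 192.168.2.60 http://ads.example.test/pixel.gif *DENIED* Banned site: ads.example.test GET 0 0 ads 2 403 image/gif  Authenticated   - -
EOF
    printf '%s\n' "$f"
}

log=$(sample_log)
denied_by_client "$log"
rm -f "$log"
```

The user column only carries names once an auth plugin is active, which is why the unauthenticated line from the thread shows `-`.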



  • @marcelloc:

    Check if your requests are getting logged and set log to dansguardian style. This way you can check more details.

    So I turned on E2Guardian logging under E2Guardian > "Report and Log" and am using the following logging settings:
    Logging Options: logconnectionhandlingerrors and logsslerrors are selected
    Log level: All requests
    Log File Format: E2Guardian format -space delimited (I presume that's what you meant by dansguardian logging ?).

    Here is the log of me using bing.com to google the word "Jonathan" and pulling up a baby names website for the name. I had expected the results to be blocked, but they were not. Neither was the URL I clicked from the search results:

    
    2017.5.28 20:33:52 - 192.168.2.51 https://mtalk.google.com:443 *DENIED* Blocked HTTPS site: mtalk.google.com CONNECT 0 0  1 403 -  Default   - -
    2017.5.28 20:34:02 - 192.168.2.51 https://www.google.com:443  CONNECT 297 0  1 200 -  Default   - - 
    2017.5.28 20:37:06 - 192.168.2.51 https://www.google.com:443  CONNECT 297 0  1 200 -  Default   - - 
    2017.5.28 20:37:27 - 192.168.2.51 http://www.bing.com  GET 120488 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:27 - 192.168.2.51 http://www.bing.com/s/a/hpc20.png  GET 6327 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:27 - 192.168.2.51 http://www.bing.com/sa/simg/bing_p_rr_teal_min.ico  GET 440 0  1 200 image/x-icon  Default   - - 
    2017.5.28 20:37:27 - 192.168.2.51 http://www.bing.com/fd/s/a/hp/bing.svg  GET 2269 0  1 200 image/svg+xml  Default   - - 
    2017.5.28 20:37:27 - 192.168.2.51 http://www.bing.com/rms/BingCore.Bundle/cj,nj/5b0f6180/3a724176.js?bu=rms+answers+Shared+BingCore%24ClientInstV2%24DuplicateXlsDefaultConfig%2cBingCore%24ClientInstV2%24SharedLocalStorageConfigDefault%2cBingCore%24shared%2cBingCore%24env.override%2cEmpty%2cBingCore%24event.custom.fix%2cBingCore%24event.native%2cBingCore%24onHTML%2cBingCore%24dom%2cBingCore%24cookies%2cBingCore%24XHRPrefetch%24rmsajax_xhrprefetch%2cBingCore%24ClientInstV2%24LogUploadCapFeatureDisabled%2cBingCore%24ClientInstV2%24ClientInstConfigSeparateOfflineQueue%2cBingCore%24clientinst%2cBingCore%24replay%2cBingCore%24Animation%2cBingCore%24fadeAnimation%2cBingCore%24framework  GET 11859 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Identity%20Blue$BlueIdentityHeader/cj,nj/852c49bb/e5a4c93c.js  GET 1469 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Identity%20Blue$BlueIdentityDropdownBootStrap/cj,nj/c0fac2c5/89faaefc.js  GET 1053 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Rewards%20ReportActivityBootstrap/cj,nj/b02cd505/1fcedcf7.js  GET 409 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Identity%20SnrWindowsLiveConnectBootstrap/cj,nj/bf587ad6/f1d86b5a.js  GET 226 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Rewards%20RewardsNcHeaderBootstrapAjax/cj,nj/da6046e6/37177be5.js  GET 834 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/Framework/cj,nj/f0fe13d0/9101d3f2.js?bu=rms+answers+BoxModel+config.instant%2ccore%2ccore%24viewport%2ccore%24layout%2ccore%24metrics%2cmodules%24mutation%2cmodules%24error%2cmodules%24network%2cmodules%24cursor%2cmodules%24keyboard%2cmodules%24bot  GET 18642 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/MataderoBridge_EN-US9215461155_1920x1080.jpg  GET 346569 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rewardsapp/ncheader?ver=8_01_0_000000&IID=SERP.5066&IG=B2A20E8DF3FF45A5AE8871AA7607E94B  POST 128 0  1 200 text/html  Default   - - application/x-www-form-urlencoded,,4,0,,0;
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rewardsapp/reportActivity  POST 331 0  1 200 application/x-javascript  Default   - - application/x-www-form-urlencoded,,32,0,,0;
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Rewards%20Blue$RewardsIconBepBlue/cj,nj/0dfdab0b/c8cc1a8c.js  GET 2444 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/AutoSug/cj,nj/0ede0059/7f268558.js?bu=rms+answers+AutoSuggest+Service%2cWeb%24Utils%2cWeb%24EventRegisterer%2cWeb%24EventRegistration%2cEmpty%2cEmpty%2cEmpty%2cWeb%24WebCore%2cWeb%24DataProvider%2cEmpty%2cEmpty%2cWeb%24Canvas%2cWeb%24Layout%2cWeb%24SearchForm%2cWeb%24Ghosting%2cEmpty%2cWeb%24PrefixThrottling%2cEmpty%2cEmpty%2cEmpty%2cWeb%24Init  GET 41157 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/sa/8_01_0_000000/HPImgVidViewer_c.js  GET 15436 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/notifications/render?bnptrigger=%7B%22PartnerId%22%3A%22HomePage%22%2C%22IID%22%3A%22SERP.2000%22%2C%22Attributes%22%3A%7B%22RawRequestURL%22%3A%22%2F%22%7D%7D&IG=B2A20E8DF3FF45A5AE8871AA7607E94B&IID=SERP.2000  GET 7340 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/sa/8_01_0_000000/HpbCarouselHeaderPopup.js  GET 21701 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/HPImageArchive.aspx?format=hp&idx=0&n=1&nc=1496018248611&pid=hp&video=1&quiz=1&fav=1&IG=B2A20E8DF3FF45A5AE8871AA7607E94B&IID=SERP.1050  GET 3518 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 https://login.live.com:443  CONNECT 6391 0  1 200 -  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/hpm?IID=SERP.1000&IG=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 23804 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20MultimediaFavorites%20Core$MMFaves/cj,nj/56b755ce/802fbfb7.js  GET 1974 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Homepage%20ImageFavorites/cj,nj/99fc20e9/f936b02d.js  GET 4797 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_gk4h42Q9lU4EtYn8OEjh0w&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4343 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_nJBHw4U6gMbVxZfYFo1RwA&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 5723 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_OoXgiqX9Oay856JGvzS5mQ&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4551 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews__p57gNEEPZNe7qpJ6BUtPQ&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4103 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_mqVHsYFCCcvvCDDMnglQ3g&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4012 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_QfZP2ppEVxzXSA-yoFTeng&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 3910 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/hpm?IG=B2A20E8DF3FF45A5AE8871AA7607E94B&IID=SERP.1001&chunk=1  GET 33613 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_Hdm3aFA4bR-u6AC8cy_jdA&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 3276 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_IfzGD7vDMQz5vgJytO91EQ&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4157 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_aB4hjnPd6keFBBptFb4xBw&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 3229 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_gN3cVC33DuKgDFJUh6_0Mg&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 3750 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_j8JZL0TGnjM1_NIyNqsc1g&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4338 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/Passport.aspx?popup=1  GET 320 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_rbVJvY8AheSWX2Qs436mYg&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4879 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_Rf87MuLtUK30DADykEVT0Q&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4625 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_Ox4dCrVSrmNe4uNgNwhv6Q&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 5832 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_Aj9bDRzNsFlDRdPJsUOmHQ&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4263 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 https://webservice.accountable2you.com:443  CONNECT 7746 0  1 200 -  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_Rs-aOqpAtLd4D7cvvVW05w&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4682 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_nwX0_2E9zb4FEXQ-mAI4Nw&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 5524 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_mi_yhimtQoVz7sCBtHGbLg&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 5226 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_gVi_gDxMDKqXyAubzis80g&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 5948 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/favorites/cfx  GET 6189 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_6Mh-1XP9wcP1mEvkocLN-w&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 3786 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_9tc0HwVQirtav-z7Ih6cxw&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 5040 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_FnPz0CU5CaAVzRmwwh2PHg&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 3486 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_FvNwzqI2FP1McSKf3oK8OQ&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 4501 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_JiQGQB5z3j2GYmgX0bipwA&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 6790 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/th?id=OPN.RTNews_mM94NGpY80r8FfAYLjWCIg&w=150&h=75&c=7&rs=2&qlt=80&cdv=1&pid=PopNow  GET 3714 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/BromoJava_EN-US13327758529_800x480.jpg  GET 60498 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/MataderoBridge_EN-US9215461155_800x480.jpg  GET 64465 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:28 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/PyramidsOfMeroe_EN-US10074354144_400x240.jpg  GET 18403 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:29 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/BB1883_EN-US15158286681_400x240.jpg  GET 23515 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:29 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/Fiddleheads_EN-US12581425191_400x240.jpg  GET 21920 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:29 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/Dipper_EN-US11520051960_400x240.jpg  GET 14342 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:29 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/LakePowellStorm_EN-US6822865622_400x240.jpg  GET 10068 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:29 - 192.168.2.51 http://www.bing.com/az/hprichbg/rb/ArlingtonDrone_EN-US12840808174_1920x1080.jpg  GET 347274 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:29 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=&cp=0&css=1&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 49188 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:30 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=j&cp=1&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 2652 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:30 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=jo&cp=2&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 2530 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:30 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=jon&cp=3&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 2564 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:30 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=jonat&cp=5&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 2688 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:30 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=jonath&cp=6&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 2696 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:31 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=jonatha&cp=7&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 2704 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:31 - 192.168.2.51 http://www.bing.com/AS/Suggestions?pt=page.home&mkt=en-us&qry=jonathan&cp=8&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 2712 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:31 - 192.168.2.51 http://www.bing.com/fd/ls/GLinkPing.aspx?IG=B2A20E8DF3FF45A5AE8871AA7607E94B&ID=SERP,5096.1  GET 42 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/search?q=jonathan&qs=n&form=QBLH&sp=-1&pq=jonathan&sc=8-8&sk=&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 147239 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/sa/simg/SharedSpriteDesktop_0317.png  GET 7223 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Shared%20AudioPlayer/cj,nj/06434522/a88be62a.js  GET 4201 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20serp%20shareWebResults_c.source/cj,nj/14377375/0f4b3475.js  GET 2169 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20serp%20MMRichHover_c.source/cj,nj/125b8b5e/358266f5.js  GET 4277 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20SegmentFilters%20Blue$GenericDropDownModernCalendar/cj,nj/9597cdd8/80bcfd34.js  GET 6623 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20serp%20ImageRichHover_c.source/cj,nj/237c6cac/826e3f75.js  GET 3276 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Multimedia%20answerDenseIrpOnSerp/cj,nj/31585425/280785e1.js  GET 511 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20WebResult%20Blue$WebResultToolboxBlue/cj,nj/2ae3e834/f0e4bfe8.js  GET 3776 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20VisualSystem%20Footer$IPv6TestScript/cj,nj/057ca6f0/5787c7bb.js  GET 1720 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Web%20SerpKeyboardNavigation/cj,nj/7475625b/75d5c2ad.js  GET 1762 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rms/rms%20answers%20Web%20SerpKeyboardNavigation_SelectorHeaderPlusAlgo/cj,nj/21e5bd51/760e67e3.js  GET 883 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/th?id=Ae0587b77db405f75496d967798e76f72&w=75&h=75&c=7&rs=1&qlt=80&cdv=1&pid=16.1  GET 2324 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/th?id=Acaaeec41135dae73466ae20403408622&w=75&h=75&c=12&rs=1&qlt=80&cdv=1&pid=16.2  GET 2224 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 https://login.live.com:443  CONNECT 6391 0  1 200 -  Default   - - 
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/rewardsapp/ncheader?ver=8_01_0_000000&IID=SERP.5359&IG=A614F5AA45C149B8BC5D8731B4A5802D  POST 128 0  1 200 text/html  Default   - - application/x-www-form-urlencoded,,4,0,,0;
    2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/Passport.aspx?popup=1  GET 320 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:33 - 192.168.2.51 http://tse1.mm.bing.net/th?id=OIP.SiAsY3UzXr5C2Jghw2bALADOEu&w=68&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2  GET 4059 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:33 - 192.168.2.51 http://tse1.mm.bing.net/th?id=OIP.0j55GDWc_6zMMhm_BxkXNQEsDh&w=134&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2  GET 3940 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:33 - 192.168.2.51 http://tse1.mm.bing.net/th?id=OIP.ob_PVXnbtCOuO7yVjUhRcgHgFo&w=134&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2  GET 4923 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:33 - 192.168.2.51 http://tse1.mm.bing.net/th?id=OIP.QbA0ljHIaU7927QrTut5sAEsDh&w=134&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2  GET 4959 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:33 - 192.168.2.51 http://tse1.mm.bing.net/th?id=OIP.MWXchiZQ6eQufX6eJal81AEsDh&w=134&h=105&c=8&rs=1&qlt=90&pid=3.1&rm=2  GET 5281 0  1 200 image/jpeg  Default   - - 
    2017.5.28 20:37:34 - 192.168.2.51 http://94976cce011b0f14362048de90a5981c.clo.footprintdns.com/apc/trans.gif  GET 43 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:34 - 192.168.2.51 http://www2.bing.com/ipv6test/test  GET 64 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:34 - 192.168.2.51 http://fca8cab8a6186d2d09110584419c450f.clo.footprintdns.com/apc/trans.gif  GET 43 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:35 - 192.168.2.51 http://www.bing.com/fd/ls/GLinkPingPost.aspx?IG=A614F5AA45C149B8BC5D8731B4A5802D&ID=SERP,5129.1&url=http%3A%2F%2Fwww.thinkbabynames.com%2Fmeaning%2F1%2FJonathan  POST 42 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:35 - 192.168.2.51 http://297731de25f050329aadb147d862023e.clo.footprintdns.com/apc/trans.gif  GET 43 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:35 - 192.168.2.51 http://www.thinkbabynames.com/meaning/1/Jonathan  GET 21850 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:35 - 192.168.2.51 http://297731de25f050329aadb147d862023e.clo.footprintdns.com/apc/17k.gif?297731de25f050329aadb147d862023e  GET 18104 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:35 - 192.168.2.51 http://www.thinkbabynames.com/style6.css  GET 8211 0  1 200 text/css  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://code.jquery.com/jquery-latest.min.js  GET 95786 0  1 200 application/javascript  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/tts.js  GET 470 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/dropcap.min.js  GET 1632 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.thinkbabynames.com/img/play.png  GET 761 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.thinkbabynames.com/img/thinkbabynames.png  GET 6357 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.thinkbabynames.com/img/dark-planingwood.png  GET 68769 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.thinkbabynames.com/img/cl-webfont.woff2  GET 11168 0  1 200 text/plain  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.tynt.com/siab.js *DENIED* Blocked site: tynt.com GET 0 0  1 403 -  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.tynt.com/siab.js *DENIED* Blocked site: tynt.com GET 0 0  1 403 -  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.tynt.com/siab.js *DENIED* Blocked site: tynt.com GET 0 0  1 403 -  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://cdn.thinkbabynames.com/img/goudyini-webfont.woff2  GET 168512 0  1 200 text/plain  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/graph/1/0/Jonathan/Jonathan_Johnathan_Johnathon_Jon_Jonathon_Nathan  GET 120784 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/graph/1/0/Jonathan  GET 108572 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 https://www.google-analytics.com:443 *DENIED* Blocked HTTPS site: google-analytics.com CONNECT 0 0  1 403 -  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/audio/recs/point1sec.mp3 *DENIED* Banned file extension: .mp3 GET 0 0 Banned extension 1 403 audio/mpeg  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/graph/1/1/Jonathan  GET 185217 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/graph/1/1/Jonathan/Jonathan_Nathan  GET 169376 0  1 200 image/png  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://i.po.st/static/v4/post-widget.js  GET 22538 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://po.st/v1/status?w=wid-51l3pq5&getConfig=true&pubKey=1rn3s9hbucnca0ghdmg5&_=1496018257155&callback=pwNeuCallback70e50  GET 1207 0  1 200 application/javascript  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/favicon.ico  GET 894 0  1 200 image/vnd.microsoft.icon  Default   - - 
    2017.5.28 20:37:36 - 192.168.2.51 http://i.po.st/static/v4/css/post-widget.css?4_29_0_rel_3393  GET 8345 0  1 200 text/css  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://i.po.st/static/v4/css/theme-default.css?4_29_0_rel_3393  GET 53840 0  1 200 text/css  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://i.po.st/static/v4/js/plugins/responsive.js  GET 785 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://i.po.st/static/v4/js/plugins/copypaste.js  GET 1859 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://i.po.st/static/v4/fonts/post-icons-32.woff  GET 7112 0  1 200 application/font-woff  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://rp.gwallet.com/r1/pixel/x33643r783863113  GET 659 0  1 200 text/html  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://p.po.st/p?vw=4&t=view&v=4.29.0-rel-3393&random=1496018257326&ru=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Djonathan%26qs%3Dn%26form%3DQBLH%26sp%3D-1%26pq%3Djonathan%26sc%3D8-8%26sk%3D%26cvid%3DB2A20E8DF3FF45A5AE8871AA7607E94B&vGUID=1f60-5dd8-b971-aa0a-7342-13e5-5a4a-c842&pu=http%3A%2F%2Fwww.thinkbabynames.com%2Fmeaning%2F1%2FJonathan&pt=Jonathan%20-%20Name%20Meaning%2C%20What%20does%20Jonathan%20mean%3F&pub=1rn3s9hbucnca0ghdmg5  GET 43 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://tags.bluekai.com/site/15845?id=AB-f5uhrn26ExaueM-ght6MqA *DENIED* Blocked site: bluekai.com GET 0 0  1 403 -  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://b.scorecardresearch.com/b?c1=7&c2=8973917&c3=1&ns__t=1496018257462&ns_c=windows-1252&cv=3.1&c8=Jonathan%20-%20Name%20Meaning%2C%20What%20does%20Jonathan%20mean%3F&c7=http%3A%2F%2Fwww.thinkbabynames.com%2Fmeaning%2F1%2FJonathan&c9=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3Djonathan%26qs%3Dn%26form%3DQBLH%26sp%3D-1%26pq%3Djonathan%26sc%3D8-8%26sk%3D%26cvid%3DB2A20E8DF3FF45A5AE8871AA7607E94B *DENIED* Blocked site: scorecardresearch.com GET 0 0  1 403 -  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://i.po.st/static/v4/js/plugins/shareQuote.js  GET 1659 0  1 200 application/x-javascript  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://cw.addthis.com/t.gif?r=1&pid=21&pidt=0&pdid=AB-F6LQyxp80O7b6LQnpU3L9w *DENIED* Blocked site: addthis.com GET 0 0  1 403 -  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://idsync.rlcdn.com/398656.gif?partner_uid=p41PxXBQEla6PYALS-RvZ2ansv0  GET 43 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://io.narrative.io/?companyId=31&id=radiumone_id%3AAB-ypHOBgov06PRiqB6B8oBhQ&ret=img  GET 35 0  1 200 image/gif  Default   - - 
    2017.5.28 20:37:37 - 192.168.2.51 http://rs.gwallet.com/r1/ucm?id=30326278345616453644401004954487063145&r1s=q4ynrb63yk8hu79s4bbbn4exnezxd3jgae1kzq1nr7bbeqnekjey  GET 57 0  1 200 image/gif  Default   - -
    
    


  • @jkrueger2020:

    I had expected the results to be blocked, but they were not. Neither was the URL I clicked from the search results:

    I had a feeling the problem was going to be caused by something stupid that I did wrong. And it was. Apparently, it doesn't matter if the checkbox on ACLs > Phrase Lists is checked to be Enabled. They aren't REALLY enabled unless the General > Weighted Phrase Mode is set to something other than "Off." I hadn't even realized I had missed turning that setting on. Obviously this isn't your fault - it's a quirk of E2Guardian. And now that I know the quirk, I can work around it.

    Anyway, on a side note, Marcelloc, words cannot express how truly grateful I am for your work in helping E2Guardian come to pfSense. I really do mean that. I'm so excited to finally be able to start configuring pfSense with keyword blocking! I was about to give up hope of finding a good solution and then I found this. Many, many thanks for your efforts!



  • @jkrueger2020:

    @jkrueger2020:

    I had expected the results to be blocked, but they were not. Neither was the URL I clicked from the search results:

    I had a feeling the problem was going to be caused by something stupid that I did wrong. And it was. Apparently, it doesn't matter if the checkbox on ACLs > Phrase Lists is checked to be Enabled. They aren't REALLY enabled unless the General > Weighted Phrase Mode is set to something other than "Off." I hadn't even realized I had missed turning that setting on. Obviously this isn't your fault - it's a quirk of E2Guardian. And now that I know the quirk, I can work around it.

    Anyway, on a side note, Marcelloc, words cannot express how truly grateful I am for your work in helping E2Guardian come to pfSense. I really do mean that. I'm so excited to finally be able to start configuring pfSense with keyword blocking! I was about to give up hope of finding a good solution and then I found this. Many, many thanks for your efforts!

    Did you confirm the problem was the General setting?  When you enabled it, the phrase blocking you tested started to work?



  • @jetberrocal:

    Did you confirm the problem was the General setting?  When you enabled it, the phrase blocking you tested started to work?

    Yes, once the General setting was enabled, phrase blocking worked just fine. Quite confusing for a noob such as myself, but now that I know to look in two spots, I'm good. Thanks for the assistance!



  • I am wondering how to remove tinyproxy from the Services.

    Since I use squid I do not really have a need for tinyproxy.  How do I remove it from the Status/Services?

    I guess I can "pkg remove tinyproxy" but this won't remove it from the page.

    Is there a parameter for the install script to not install it in the first place?



  • @jetberrocal:

    Is there a parameter for the install script to not install it in the first place?

    not yet.

    You can remove it from config.xml using viconfig; a bad config.xml file breaks your firewall.



  • @marcelloc:

    @Mr.:

    
    Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
    Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
    Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
    Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
    
    

    Still looks like you did not apply a blacklist yet. :(
    What blacklist are you using? I'll test with the same here to see if I get same results.

    Thank you Marcello  :D

    The shallalist in your first post.

    I downloaded and retried it five times.

    The GUI says I applied it (pic).

    How can I safely remove icap, clam, e2guardian, tinyproxy, and all others?

    So I can start fresh again, and can you give me the exact install commands?




  • Sorry to ask another question, but does E2Guardian support Man in the Middle for SSL? When I set my web browser to use port 3128 (from the Squid proxy server) and I load Amazon.com, the certificate is issued by "internal-ca" as I would expect. But when I change the port to 8080 to use E2Guardian, the SSL is issued by Amazon - not "internal-ca." This is causing keyword filtering not to work for SSL websites.

    Any suggestions for what I may have missed?



  • @jkrueger2020:

    Sorry to ask another question, but does E2Guardian support Man in the Middle for SSL? When I set my web browser to use port 3128 (from the Squid proxy server) and I load Amazon.com, the certificate is issued by "internal-ca" as I would expect. But when I change the port to 8080 to use E2Guardian, the SSL is issued by Amazon - not "internal-ca." This is causing keyword filtering not to work in SSL mode.

    Any suggestions for what I may have missed?

    Yes it does.  Thanks to marcelloc now we have e2g with mitm support.

    Select the Groups Tab.  Edit the group that you want to enable mitm.

    Select "Filter ssl sites …" in Group options.  Save.

    Remember to set the Certificate for SSL mitm in General Tab. Save.
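
A way to read the access log posted earlier in the thread when checking whether phrase filtering and SSL inspection are actually in effect. This is an added example, not part of any post or of the e2guardian package; the sample lines are copied from that log, and the field layout (including reading the number after the size as the weighted-phrase score) is inferred from those lines and is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Layout inferred from the lines posted in the thread (an assumption, not taken
# from e2guardian documentation):
# date time user ip url [action reason] method size weight [category] group code mime
LINE_RE = re.compile(
    r"^(?P<date>\d{4}\.\d{1,2}\.\d{1,2}) (?P<time>\d{1,2}:\d{2}:\d{2}) "
    r"(?P<user>\S+) (?P<ip>\S+) (?P<url>\S+) (?P<action>.*?) "
    r"(?P<method>[A-Z]+) (?P<size>\d+) (?P<weight>-?\d+) (?P<category>.*?) "
    r"(?P<group>\d+) (?P<code>\d{3}) (?P<mime>\S+)"
)

# Sample lines copied from the log in this thread (trailing fields trimmed).
SAMPLE = [
    "2017.5.28 20:37:28 - 192.168.2.51 https://webservice.accountable2you.com:443  CONNECT 7746 0  1 200 -  Default",
    "2017.5.28 20:37:32 - 192.168.2.51 http://www.bing.com/search?q=jonathan&qs=n&form=QBLH&sp=-1&pq=jonathan&sc=8-8&sk=&cvid=B2A20E8DF3FF45A5AE8871AA7607E94B  GET 147239 0  1 200 text/html  Default",
    "2017.5.28 20:37:32 - 192.168.2.51 https://login.live.com:443  CONNECT 6391 0  1 200 -  Default",
    "2017.5.28 20:37:35 - 192.168.2.51 http://www.thinkbabynames.com/meaning/1/Jonathan  GET 21850 0  1 200 text/html  Default",
    "2017.5.28 20:37:36 - 192.168.2.51 http://cdn.tynt.com/siab.js *DENIED* Blocked site: tynt.com GET 0 0  1 403 -  Default",
    "2017.5.28 20:37:36 - 192.168.2.51 https://www.google-analytics.com:443 *DENIED* Blocked HTTPS site: google-analytics.com CONNECT 0 0  1 403 -  Default",
    "2017.5.28 20:37:36 - 192.168.2.51 http://www.thinkbabynames.com/audio/recs/point1sec.mp3 *DENIED* Banned file extension: .mp3 GET 0 0 Banned extension 1 403 audio/mpeg  Default",
]


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["denied"] = rec["action"].startswith("*DENIED*")
    rec["reason"] = rec["action"].replace("*DENIED*", "", 1).strip()
    rec["size"], rec["weight"] = int(rec["size"]), int(rec["weight"])
    return rec


def audit(lines):
    """Summarise what the filter blocked, scored, and passed through unseen."""
    report = {"denied": Counter(), "tunnels": [], "html_pages": 0,
              "html_scored": 0, "unparsed": 0}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            report["unparsed"] += 1
        elif rec["denied"]:
            # Group by rule type: "Blocked site", "Banned file extension", ...
            report["denied"][rec["reason"].split(":")[0]] += 1
        elif rec["method"] == "CONNECT":
            # Allowed CONNECT: an opaque tunnel, so page content was not inspected.
            report["tunnels"].append(urlsplit(rec["url"]).hostname)
        elif rec["mime"] == "text/html":
            report["html_pages"] += 1
            report["html_scored"] += rec["weight"] != 0
    return report


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

On these lines every HTML page carries a score of 0 and two CONNECT tunnels pass through, which is consistent with the two causes found in the thread: Weighted Phrase Mode set to "Off" and SSL MITM not enabled on the group.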

