Allow use of blacklists in whitelist only mode

Follow

munrom

March 02, 2015 23:27

Hello,

I was trying to setup an restricted network for students that have abused their internet privilege, the idea was to basically only allow Drive and gMail.

The reason I would like to use a blacklist in whitelist mode is to block chat in gMail. The gmail domain is mail.google.com, the gmail chat is chatenabled.mail.google.com. I can find no way to allow gmail without allowing chat without the use of a blacklist, hence this request.

Regards

0

• 

  rotblitz March 03, 2015 07:29

  If you're a home user, you had to go for OpenDNS VIP, else you had to chose from one of the business versions.

  OpenDNS certainly will not give away paid options for free.

  0

  Comment actions Permalink
• 

  munrom March 03, 2015 07:37

  Rotblitz, I don't know why you think I'm not a paying customer. I'm the administrator for a College network and we are a paying customer. You can not use a blacklist of domains when you have a policy in whitelist mode. This means I can not have a whitelist policy that allows Google Mail that also blocks the embedded chat feature as the URL to do so is a subdomain,

  0

  Comment actions Permalink
• 

  rotblitz March 03, 2015 14:23

  "I don't know why you think I'm not a paying customer."

  Did I say this?  I can't see where I did, and I really didn't think about anything in this context.  And you didn't mention what service this is for.
  Honestly, I thought you're requesting a whitelist-only mode possibly for the free service.

  And yes, if you have whitelist-only mode enabled, your blacklist doesn't take effect.  I understand now what you mean, and it makes sense.

  Temporary workarounds would include (given that you run an institutional network):

  1. Either add this line to the local hosts file (maybe as AD policy):   0.0.0.0  chatenabled.mail.google.com
  2. Or configure your local DNS server with chatenabled.mail.google.com as a local domain, pointing it to Nirvana or to hit-block.opendns.com
  3. Or configure your proxy server (which you may operate) to block chatenabled.mail.google.com
  4. Or introduce an AD policy for the browsers being used to block chatenabled.mail.google.com

  0

  Comment actions Permalink
• 

  Alexander Harrison March 03, 2015 19:38

  There is unfortunately no way to blacklist a subdomain of a domain that is whitelisted. For example, if mail.google.com is whitelisted, this whitelists *.mail.google.com and this will automatically include chatenabled.mail.google.com. Whitelist only can be considered a blacklist entry for every single domain that exists is implied, and the whitelist overrides the domains added to it. 

  There is no way to whitelist *.mail.google.com with the entry mail.google.com and also block chatenabled.mail.google.com with OpenDNS at this time. 

  0

  Comment actions Permalink

Please sign in to leave a comment.