Google-analitics

Reply
Not applicable

Google-analitics

Hello

I have a little problem in my company we want to block google-analitics as an aplication. But when i do that some of the pages are loading much much longer and few dosn`t load at all. Is there a way to block it so that my connection wont go down like a Titanic.

L6 Presenter

Re: Google-analitics

Do you get the same slowness if you block access to:

www.google-analytics.com

ssl.google-analytics.com

all together? Like by adding this as sinkhole in your dnsservers or by adding this to your local hosts-file (or as a url-filter block, you need ssl-termination to block the ssl edition):

0.0.0.0  www.google-analytics.com
0.0.0.0  ssl.google-analytics.com
Not applicable

Re: Google-analitics

Nope when i wen to an object and set a url-filtering profile to block ssl.google-analitics.com and www.google-analitics.com while i allowed google-analitics as an aplication it works just like it should.

Right now my config looks like this:

INTERNET - Dostep Chroniony {

                  option {

                    disable-server-response-inspection no;

                  }

                  tag [ OUT INTERNET TRUST test ];

                  from [ reth7-CAT ];

                  to [ reth7-SRX ];

                  source [ any ];

                  destination [ any ];

                  source-user [any];

                  category [ any ];

                  application [ adobe-flash-socketpolicy-server facebook flash g

adu-gadu gmail-base gmail-enterprise google-analytics google-maps google-safebro

wsing google-translate http-audio http-video imap jabber java-update ms-rdp ocsp

oracle-forms ping sharepoint silverlight skydrive soap squirrelmail ssh ssl t.1

20 web-browsing yahoo-mail youtube ];

                  service [ any ];

                  hip-profiles [ any ];

                  log-start yes;

                  log-end yes;

                  negate-source no;

                  negate-destination no;

                  action allow;

                  disabled no;

                  profile-setting {

                    profiles {

                      url-filtering [ Filtr dla xxx ];

                    }

                  }

                }

Filtr dla xxx {

                license-expired allow;

                enable-container-page yes;

                dynamic-url yes;

                log-container-page-only no;

                block [ adult-and-pornography games hacking keyloggers-and-monit

oring malware-sites nudity online-gambling phishing-and-other-frauds proxy-avoid

ance-and-anonymizers spyware-and-adware weapons ];

                block-list [ ssl.google-analytics.com www.google-analytics.com ];

                allow-list [];

                action block;

              }

Is there any way that I wont have to use that black-list filter, and just block it as an aplication?

Maybe I`m missing some config option that will say browser that it dosen`t have to wait for a response from google-analitics??

L3 Networker

Re: Google-analitics

Got the same issue. I get the feeling that some websites are coded in such a way that it waits for data from google-analytics before continuing - almost like the website is being processed sequentially. Blocking google-analytics causes the website to "hang" at the point in the website code where it waits for data to or from google-analytics.

Not applicable

Re: Google-analitics

Yep, its so annoying.

Right now I only have walkaround with adding ssl.google-analytics.com www.google-analytics.com to a URL-filtering object thats on my policy from Trust to Untrust. but it would be nice to block it as an apllication :smileygrin:.

Highlighted
L3 Networker

Re: Google-analitics

One way to address it would be to setup an Apache or IIS instance somewhere on your network, and setup DNS to point the A records to your HTTP server instance.  You will then want to put an empty ga.js in the root of the folder.

Google Analyitics works over both HTTP and HTTPS.  This would cover HTTP, but not HTTPS.  If you were to setup an HTTPS instance with an invalid certificate, the users would likely get a certificate warning.  If you have an AD with a trusted CA and are using IE, you could generate your own certificate for ssl.google-analytics.com and assign it to the web server to get around this.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!