07-13-2012 03:54 AM
Hello
I have a little problem in my company we want to block google-analitics as an aplication. But when i do that some of the pages are loading much much longer and few dosn`t load at all. Is there a way to block it so that my connection wont go down like a Titanic.
07-13-2012 05:08 AM
Do you get the same slowness if you block access to:
www.google-analytics.com
ssl.google-analytics.com
all together? Like by adding this as sinkhole in your dnsservers or by adding this to your local hosts-file (or as a url-filter block, you need ssl-termination to block the ssl edition):
| 0.0.0.0 | www.google-analytics.com |
| 0.0.0.0 | ssl.google-analytics.com |
07-13-2012 07:07 AM
Nope when i wen to an object and set a url-filtering profile to block ssl.google-analitics.com and www.google-analitics.com while i allowed google-analitics as an aplication it works just like it should.
Right now my config looks like this:
INTERNET - Dostep Chroniony {
option {
disable-server-response-inspection no;
}
tag [ OUT INTERNET TRUST test ];
from [ reth7-CAT ];
to [ reth7-SRX ];
source [ any ];
destination [ any ];
source-user [any];
category [ any ];
application [ adobe-flash-socketpolicy-server facebook flash g
adu-gadu gmail-base gmail-enterprise google-analytics google-maps google-safebro
wsing google-translate http-audio http-video imap jabber java-update ms-rdp ocsp
oracle-forms ping sharepoint silverlight skydrive soap squirrelmail ssh ssl t.1
20 web-browsing yahoo-mail youtube ];
service [ any ];
hip-profiles [ any ];
log-start yes;
log-end yes;
negate-source no;
negate-destination no;
action allow;
disabled no;
profile-setting {
profiles {
url-filtering [ Filtr dla xxx ];
}
}
}
Filtr dla xxx {
license-expired allow;
enable-container-page yes;
dynamic-url yes;
log-container-page-only no;
block [ adult-and-pornography games hacking keyloggers-and-monit
oring malware-sites nudity online-gambling phishing-and-other-frauds proxy-avoid
ance-and-anonymizers spyware-and-adware weapons ];
block-list [ ssl.google-analytics.com www.google-analytics.com ];
allow-list [];
action block;
}
Is there any way that I wont have to use that black-list filter, and just block it as an aplication?
Maybe I`m missing some config option that will say browser that it dosen`t have to wait for a response from google-analitics??
08-03-2012 10:24 AM
Got the same issue. I get the feeling that some websites are coded in such a way that it waits for data from google-analytics before continuing - almost like the website is being processed sequentially. Blocking google-analytics causes the website to "hang" at the point in the website code where it waits for data to or from google-analytics.
08-06-2012 07:03 AM
Yep, its so annoying.
Right now I only have walkaround with adding ssl.google-analytics.com www.google-analytics.com to a URL-filtering object thats on my policy from Trust to Untrust. but it would be nice to block it as an apllication :smileygrin:.
08-06-2012 02:34 PM
One way to address it would be to setup an Apache or IIS instance somewhere on your network, and setup DNS to point the A records to your HTTP server instance. You will then want to put an empty ga.js in the root of the folder.
Google Analyitics works over both HTTP and HTTPS. This would cover HTTP, but not HTTPS. If you were to setup an HTTPS instance with an invalid certificate, the users would likely get a certificate warning. If you have an AD with a trusted CA and are using IE, you could generate your own certificate for ssl.google-analytics.com and assign it to the web server to get around this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
