This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I get [site blocked: ocsp2.globalsign.com] in my logfiles, preventing me to get access to services when using e.g. appltv and different apps. Also blocking other services like scrive.
I've read some threads about simular problems but havn't found a solution that works.
There is one tip about adding https service in "Blocked services" but that seams for me to do the opposite of what I want to achive?
I use block keywords but I have checked more then once that the blocked (but good sites) havn't the blocked keyword in the URL.
Any ideas where I can find more info about this or a solution?
Netgear Orbi Pro AC3000 (SRR60, SRS60) with FW 2.5.3.110
After I sent my log files I got the suggestion to remove the word "sex" from the "blocked keywords" list. After doing that I now don't experience any blocked sites.
Thank you @BruceGuo for quick feedback and solution.
Blocking ocsp2.globalsign.com will break the revocation status check by OCSP* of any https certificates signed by GlobalSign, and probably even more private PKIs making use of the GlobalSign OCSP service, so many https sites (and APIs or whatever cloud connectivity) will simply blocked or lowered in the security, too.
*Online Certificate Status Protocol (OCSP) is the Internet protocol used for obtaining the revocation status of an X.509 digital certificate.
No idea why Orbi Pro should block this site - considering there is no crappy Internet security stuff in the play - just on it's own.
Have any URLs in the blocking list on your Orbi Pro router?
Yes, that's my point - donno why they get blocked, feels random. I can see they get access from other local IP numbers. Looks like it's from apps on Apple TV that sometimes get blocked.
Yes, that's my point - donno why they get blocked, feels random.
More than that - just silly to block these... But then again, I still don't understand what exactly is blocking this - considering there are no crazy Internet Security "packages" on the Orbi Pro. @BruceGuo
@YeZ please investigate with R&D how it is possible that a product intended for SOHO or SMB does block domains on it's own - without any external service in use, without any Internet Security **** like Armor or Circle in place, without a expicit entry in the blocking list. Some R&D fingers need to be cut .....
After I sent my log files I got the suggestion to remove the word "sex" from the "blocked keywords" list. After doing that I now don't experience any blocked sites.
Thank you @BruceGuo for quick feedback and solution.
//Johan
Model: SRK60B03|Orbi Pro Tri-Band Business WiFi System
@BruceGuo can you please spread some light why the keyword blocking with the text sex should have blocked e.g. ocsp2.globalsign.com please? I could understand e.g. on how the University https://www.essex.ac.uk/ or the trucking business http://www.transextransport.ch/ would be blocked. It's of course also possible technical web services could have any combination of chars in the technical URLs - and this can't be the idea that these are blocked... Thank you!
@schumaku this feature checks full "URL" with keywords. It is a simple string matching. So your examples would be matched.
Hm, not the University one - because it's https. 8-)
This keyword blocking method implemented is mostly obsolete in times of https. As this "feature" does bring more isues on radnom technical URLs than it can ever resolve, it should be removed.
The reason for the question: On other business products we see a "new" idea for URL blocking - based on catching the DNS queries. Secured/encrypted DNS does also bring this to an end.
Conclusion: This feature is a dead horse overall - unless one does it on the end point.
I guess as you say @schumaku this way of blocking sites by using keywords in a list is not optimal and should not be used. I for sure will disable it and look for an other solution.
