Legitimate sites in blacklist

[chiara-paci]

Hi.

I'm trying to implement blackweb in the proxy of one of my clients, but there is something I can't understand.

I activate it in a test environment, and it's blocking almost everything, including:

• well known sites like apache.org, docker.com, pypi.org, etc.;
• banks like unicredit.it;
• almost every italian provider (tiscali.it, virgilio.it, libero.it, etc.);
• governative institutions (sogei.it, rai.it, provincia.tn.it, etc.).

Why are they included? How can Sogei, owned by a ministry, be in a blacklist?

[maravento]

Thank you for your interest in Blackweb

BlackWeb is a project that collects and unifies public blocklists of domains. Therefore, if there are false positives, it is from one of the BlackWeb sources, described in SOURCES

The sites you just mentioned:

.apache.org
.docker.com
.libero.it
.provincia.tn.it
.pypi.org
.rai.it
.sogei.it
.tiscali.it
.unicredit.it
.virgilio.it

They have been reviewed and will be removed in the next BlackWeb update. But in the meantime, you can exclude them manually in the allowurls.txt ACL:

# Allow Rules for Domains
acl allowdomains dstdomain "/path_to/allowdomains.txt"
http_access allow allowdomains

# Block Rule for Blackweb
acl blackweb dstdomain "/path_to/blackweb.txt"
http_access deny blackweb

Important:

If you or another user have other domains that you consider false positives, you can publish them in this Issue, it doesn't matter if it is closed or send list to contact@maravento.com

[maravento]

fix it https://github.com/maravento/blackweb/commit/4d00724eaddb6d1466f9f3a8be566c542e3b7ea4