This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Websites categorized as Spam URLs how to exclude or disable this category in Sophos Central?

HI,
What is the fastest way to unblock a website blocked by a web control module with the information 'Your organization's policy prohibits access to websites categorized as Spam URLs.’?

In Sophos Central, Web Control policy I try to use Category Override but there is no Spam URL listed there?

I add tag for the site (allowed_sites) then I add that tag in Web Control policy under "Control sites tagged in Website Management" as allowed still no access to website.

I added a blocked page to the global execution list and still no access to the website.

During testing I normally update my local Sophos client and see every time that the web control module is updated, but I still can't reach the website because Spam URLs classification.

I tried to exclude all options in the web control policy and I still do not have access to the website except when I completely disable web control or exclude the user from the group where web control is applied.

I can submit a web address URL for reassessment but is there any option in Sophos Central to disable or exclude web control Spam URL categorization of websites?

During some of our lectures, we need to enable a blocked website immediately and quickly, which normally works properly with a global exception and website tags, but we can't unblock a website when it is categorized as a Spam URL.

We are now solving the problem by moving a user who cannot access the website to a group that does not have a web control policy.



This thread was automatically locked due to age.
Parents
  • I suspect spam is a bit of a special category along with phishing and spyware. It seems Web control "hardcodes" the blocking of these categories as they are typically not something you would want.

    If you look at the policy fragment for the web control policy which is here:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\WebControl\[timestamp]\web_control_fragments\fragment_000001
    Body

    Base64 decode of this data, shows:

    if request.category == 34 or request.category == 46 or request.category == 48 then
    trace(' - blocked due to Phishing, Spam or Spyware category')
    response.result = 'block'
    response.reason = 'category'
    return
    end

    as part of the 

    -- BEGIN CATEGORY SCANNER

    Website Blocked: Spam URLs (sophostest.com) is a test page for this category.

    As a "website" exclusion for www.sophostest.com though it is allowed, maybe you can test.

Reply
  • I suspect spam is a bit of a special category along with phishing and spyware. It seems Web control "hardcodes" the blocking of these categories as they are typically not something you would want.

    If you look at the policy fragment for the web control policy which is here:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Management\Policy\WebControl\[timestamp]\web_control_fragments\fragment_000001
    Body

    Base64 decode of this data, shows:

    if request.category == 34 or request.category == 46 or request.category == 48 then
    trace(' - blocked due to Phishing, Spam or Spyware category')
    response.result = 'block'
    response.reason = 'category'
    return
    end

    as part of the 

    -- BEGIN CATEGORY SCANNER

    Website Blocked: Spam URLs (sophostest.com) is a test page for this category.

    As a "website" exclusion for www.sophostest.com though it is allowed, maybe you can test.

Children
  • First of all, thank you for the answer.

    I finally found a way to unblock a Spam URL website.

    I tried the global exclusions option before but the website was still unavailable also with the 'Allow' tag in website management.

    The problem is that global exclusions don't work for our blocked sites when I type the web site name of those blocked pages in website exclusions.

    Then I tried to enter the IP address of the blocked website instead of the website name and the website became available through a very short time !

    This is now more acceptable to us than disabling the Web Control module or excluding user from web control policy.

    I don’t know why in our case global exclusion with web page name doesn’t work?

  • Important! If you make any changes only to the whitelist or blocklist Tag (under Settings > Website Management), open the Web Control policy and SAVE IT without making any changes to re-apply the policy to clients! In this way the policy is applied almost immediately!