Disclaimer: This information is posted as-is and the content should be referenced at your own risk
In many scenarios, the non-malicious websites are getting blocked under a specific category. You can configure the website categories in Sophos Central listed here and control the internet content that users can access through a web browser.
The easier way to exempt a website is to use tags. For example, if you wanted to allow the site uk.video.search.yahoo.com that was previously blocked, then the steps below should be performed to create the appropriate website tag.
Have an idea or suggestion regarding our Documentation, Knowledgebase, or Videos? Please visit our User Assistance forum on the Community to share your idea!
Thank you for reaching out to the Sophos Community.
I suspect what you’re seeing is the error "Website cannot be found" when you’re trying to go to sites that are blocked. This…
There doesn't seem to be any consistency with the error messages when trying to access the blocked sites, sometimes it's a connection failure one and other times it's a Sophos one
I suspect what you’re seeing is the error "Website cannot be found" when you’re trying to go to sites that are blocked. This is due to some sites using HTTPS, where-in the AV isn’t able to inject the "Website Blocked" page into the secured traffic so that it’s displayed in the web browser.
This is outlined in the following KBA under the section "How to check if Web Control is working."- https://support.sophos.com/support/s/article/KB-000035338?language=en_US
Thanks for your reply, one more question, when blocking websites in the Website Management, do you have to put in all variations of the web addresses, or is there a wild card, e.g. gmai.com & mail.gmail.com?
In this situation, I recommend creating an entry for each of the base domains that will be accessed when your end-users try to reach Gmail. I suspect if you were to block "mail.google.com" but not "gmail.com" the end-users would see a web-page redirect occurring followed by nothing loading after the redirect.
If both URLs are blocked then both will return the same behavior in strictly blocking the page when accessed, which would be a bit more suitable for your use case.