This article describes how to allow/block websites regardless of their category using custom categories and/or URL groups.
Applies to the following Sophos products and versions: Sophos Firewall
If a website has been categorized incorrectly, you can tell Sophos about it so that we can improve the categorization for all Sophos Firewall users. Please submit a sample of the URL. However, you can also create additional steps in the Web policy to handle websites differently from their category.
The most common reason to treat a website differently is that it is being blocked (or allowed) when it should not be. In Sophos Firewall there are three ways to create objects and policy rules for websites and URLs to meet business needs.
When using a custom category or URL group, the URL still keeps its original category. Therefore, in addition to adding the URL to either a custom category or URL group, you must also create a Web policy rule to handle it. This rule should be at the top of the list so that it takes priority.
As an example, you can create a custom category called Whitelist for Sales Dept and put into it a list of domains that the sales team should always have access to.
Then in the Web policy, create a rule at the top that only applies to the sales user group and set the Whitelist for Sales Dept category to Allow.
In the firewall rule allowing Internet access, make sure to select the appropriate web policy. In this example it is the Default Policy.
RegEx and other forms of wildcards are not supported within the text string. Strings are used verbatim in a substring match. However, the three different methods have slightly different automatic wildcarding, allowing for some flexibility in matching. The following table describes how entries (with and without a slash) are matched within the system:
Text is a verbatim string that will match the right side of the domain name. A path is not allowed.
Note: This is FQDN-aware: it parses the URL to match that domain name and its subdomains rather than performing a text string match.
Text is a verbatim string that will match anywhere in the domain name.
If the text contains a slash (/), then it can only match the end of the domain name and the beginning of the path.
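The matching behaviours described above can be modelled to check what a given entry would catch before it goes into an Allow or Block rule. This is an added example, not Sophos code: the function names are hypothetical, the URLs are constructed samples, and lower-casing the host while leaving the path as typed is an assumption.

```python
from urllib.parse import urlsplit

def split_url(url):
    """Return (host, path); host is lower-cased, path defaults to '/'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return (parts.hostname or "").lower(), parts.path or "/"

def match_right_side(entry, url):
    """FQDN-aware right-side match: the domain itself or any subdomain."""
    if "/" in entry:
        raise ValueError("a path is not allowed in this entry type")
    host, _ = split_url(url)
    entry = entry.lower().strip(".")
    return host == entry or host.endswith("." + entry)

def match_substring(entry, url):
    """Verbatim substring match anywhere in the domain name.

    An entry containing '/' must line up with the end of the domain name
    and the beginning of the path.
    """
    host, path = split_url(url)
    if "/" not in entry:
        return entry.lower() in host
    domain_part, path_part = entry.split("/", 1)
    return host.endswith(domain_part.lower()) and path.startswith("/" + path_part)

# Constructed sample URLs (reserved example/test names only).
SAMPLE_URLS = [
    "https://example.com/",
    "https://shop.example.com/cart",
    "https://notexample.com/",
    "https://example.com.other.test/",
    "https://example.com/sales/q1",
]

def matched(matcher, entry, urls=SAMPLE_URLS):
    """Return the subset of urls that the given matcher accepts for entry."""
    return [u for u in urls if matcher(entry, u)]

if __name__ == "__main__":
    for name, fn, entry in [
        ("right-side", match_right_side, "example.com"),
        ("substring", match_substring, "example.com"),
        ("substring", match_substring, "example.com/sales"),
    ]:
        print(f"{name:10} {entry!r}: {matched(fn, entry)}")
```

Running it shows that the same string accepts more hosts under substring matching than under the FQDN-aware match, which matters most for entries used in Allow rules.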