Sophos Endpoint Web Control did not block blacklisted URL

Question

hi, 
 
 we're trying to use Sophos Central for Enterprise Web Control feature but it seems did not work as intended 
 we tried to block Web Emails and tried typing the URL https://mail.yahoo.com directly and hit enter, then it seems it blocked. 
 however if we access https://www.yahoo.com with valid ID then click MAIL icon, it didn't block the URL. 
 
 from here, i can refresh the page without problem even when Sophos Endpoint Events shows "mail.yahoo.com" was blocked for my users 
 i tried to disable cache, but i can still refresh the page normally 
 
 anyone can provide advise how to fix this? 
 Thank You

QC · Accepted Answer

Hello Sophos User1929 , 
 first of all, I don't have a solution. 
 I could reproduce this (not with Central but with SESC though this shouldn't make a difference). What seems to happen is the following: mail.yahoo.com resolves to the same addresses as s.yimg.com that serves the various images on the Yahoo pages. The browser leaves the connection open a reuses it for the request to mail.yahoo.com . As Web Control can't inspect the HTTPS stream it can't detect that the request goes to a blocked URL. I tested my assumption by idling on the www.yahoo.com page until netstat showed that the connection to s.yimg,com/mail.yahoo.com and subsequently I get the expected Secure connection failed (or your browser's equivalent) when clicking on the icon. 
 Might be a deliberate and clever move by Yahoo 
 Christian