Country blocking exception not working

I'm running Firmware version: 9.303-2. I have Country Blocking turned on to some  countries, one of which is Netherlands.

When I try to go to: Yellow Bricks

I get this error:
Content blocked
While trying to retrieve the URL: Yellow Bricks
The content is blocked due to the following condition:
The URL you have requested matches a forbidden Country. If you think this is wrong, please contact your administrator.
Country: Netherlands

I went to "Country Blocking Exceptions" and created a an exception called "Whitelist"

It says its set to:

skip blocking of these countries:
    [Netherlands] Netherlands
for traffic going to these destination networks:
    Whitelist 1
    Whitelist 2
    Whitelist 3
Using these services:

For the three networks, I've tried three things:

Name: Whitelist 1
Type: DNS Host
Hostname: Yellow Bricks

Name: Whitelist 2
Type: DNS Host

Name: Whitelist 3
Type: Network
IPV4 address: /32

None of them work. 

If I tell the country blocking list to allow Netherlands, it lets me access the site.

Any ideas?


  • In reply to Coder68:

    On 9.408 and it is still broken.  The wirkaround I was given was to disable url filtering for the desired site.   Of course, thst makes it impossible to limit access to a few users only, based on category. Another case is being escalated.

  • In reply to oldeda:

    this did the trick for me, though i dont agree as asserted that it is "definitely not a bug" ... my logic dictates it is most CERTAINLY a bug, as you would think that you would only unblock certain countries which housed the website (discernible by the IP once the dns host is looked up)


    so, for example, i would expect to "not block afghanistan" for all requests going to, meaning if yellow-brick ever housed the site elsewhere, or mirrored it with redundant servers etc, then the exception would fail to work.


    you dont want to unblock all countries for 1 web url, if for example dns poisoning was used to redirect traffic for ...say to a country they otherwise dont have a server in, for the purpose of infecting machines, then leaving all countries unchecked seems like it would allow traffic to all countries where dns lookup said it lived

  • In reply to Coder68:

    The trick is that the country blocking excdpfion needs to include "http cache" service in addition to http and https.  Juxt finishex a case on this with support.

    An alternative is to disable url checking in a web filtering exception.

  • In reply to HopefulSoul:

    You are not unblocking a Country, just skipping country check for the desired request that are coming from your internal network.
    As you can see in attached print-screen is still blocked.
    And keep in mind, I only allow port 53 only for google dns service in Firewall rule. (if the user don't want the dns from DHCP)

  • In reply to oldeda:

    When country blocking is turned on, which invokes country checking, how is "skipping a country check" for an associated destination url, not the same as turning off country blocking for said url?

  • In reply to HopefulSoul:

    The Url points to a host i think. You can define a dns host