We'd love to hear about it! Click here to go to the product suggestion community
In reply to Coder68:
On 9.408 and it is still broken. The wirkaround I was given was to disable url filtering for the desired site. Of course, thst makes it impossible to limit access to a few users only, based on category. Another case is being escalated.
In reply to oldeda:
this did the trick for me, though i dont agree as asserted that it is "definitely not a bug" ... my logic dictates it is most CERTAINLY a bug, as you would think that you would only unblock certain countries which housed the website (discernible by the IP once the dns host is looked up)
so, for example, i would expect to "not block afghanistan" for all requests going to yellow-brick.com, meaning if yellow-brick ever housed the site elsewhere, or mirrored it with redundant servers etc, then the exception would fail to work.
you dont want to unblock all countries for 1 web url, if for example dns poisoning was used to redirect traffic for ...say ...google.com to a country they otherwise dont have a server in, for the purpose of infecting machines, then leaving all countries unchecked seems like it would allow traffic to all countries where google.com dns lookup said it lived
The trick is that the country blocking excdpfion needs to include "http cache" service in addition to http and https. Juxt finishex a case on this with support.
An alternative is to disable url checking in a web filtering exception.
In reply to HopefulSoul:
You are not unblocking a Country, just skipping country check for the desired request that are coming from your internal network.As you can see in attached print-screen government.nl is still blocked. And keep in mind, I only allow port 53 only for google dns service in Firewall rule. (if the user don't want the dns from DHCP)
When country blocking is turned on, which invokes country checking, how is "skipping a country check" for an associated destination url, not the same as turning off country blocking for said url?
The Url points to a host i think. You can define a dns host