This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why the link can't be blocked?

I am very tired because UTM 9 can't block the link successfully.

Following is the link

https://scratch.mit.edu/explore/projects/all "

I tested follow Regular Expression :

https://scratch.mit.edu/explore/projects/[all] "

" https://scratch.mit.edu/explore/projects/[a-zA-Z0-9] "

When I use policy test, it shows blocked. However I try the user computers (total 10 different computers), it can be passed. 

Include the last "Lego" Game link, this is the second link that can't be blocked.

 

Please help!



This thread was automatically locked due to age.
Parents
  • I should have seen this before.

    The site is https.

    I assume that you are not using decrypt-and-scan (https inspection).

    Without https inspection, the FQDN is in the unencrypted part of the packet, but the path and query string are encrypted.    It cannot match what it cannot see.

    You have to enable https inspection for your regex to work.     

    I used to be a big fan of https inspection, but less so now.   It solves some problems but it creates others.   I intend to post a comprehensive explanation of my views sometime soon.

  • DouglasFoster said:

    I should have seen this before.

    The site is https.

    I assume that you are not using decrypt-and-scan (https inspection).

    Without https inspection, the FQDN is in the unencrypted part of the packet, but the path and query string are encrypted.    It cannot match what it cannot see.

    You have to enable https inspection for your regex to work.     

    I used to be a big fan of https inspection, but less so now.   It solves some problems but it creates others.   I intend to post a comprehensive explanation of my views sometime soon.

     

     

    Hi DouglasFoster,

    Yes, you are correct. I haven't use the decrypt-and-scan. This function will affect the NOD32 and always prompt the warning windows. As before,I have post this in here too. T_T.

    Thanks!

Reply
  • DouglasFoster said:

    I should have seen this before.

    The site is https.

    I assume that you are not using decrypt-and-scan (https inspection).

    Without https inspection, the FQDN is in the unencrypted part of the packet, but the path and query string are encrypted.    It cannot match what it cannot see.

    You have to enable https inspection for your regex to work.     

    I used to be a big fan of https inspection, but less so now.   It solves some problems but it creates others.   I intend to post a comprehensive explanation of my views sometime soon.

     

     

    Hi DouglasFoster,

    Yes, you are correct. I haven't use the decrypt-and-scan. This function will affect the NOD32 and always prompt the warning windows. As before,I have post this in here too. T_T.

    Thanks!

Children
No Data