Sophos Firewall Web Protection Unable To Process Cyrillic Domain Names

Question

Hello Everyone, 
 
 We've had requests to block websites that contain Cyrillic characters, however whenever I attempt to do so in the Sophos interface it states it's an invalid URL. 
 
 To avoid posting the full domain of the malicious site, an excerpt would be: 
 
 https://[domain].ком.рус 
 
 We're seeing more and more of this now, and I'm concerned if the XG cannot process these characters for something as simple as a website/URL, what else could the product be effectively unable to interpret? 
 
 Many Thanks

ptho · Accepted Answer

Spoke with Sophos' support team and after a lot of testing they decided the best approach was to either block the IP address (doesn't really solve the issue), or to ping the Cyrillic domain name, and determine the translated domain name, which in the case above comes to: xn--80akhqdddqo.xn--j1aef.xn--p1acf 
 
 I'll be honest, I don't really understand it. Probably something to do with Unicode, ASCII, etc. I still wouldn't consider this a true fix, but maybe that's not Sophos' fault.

Sophos Firewall Web Protection Unable To Process Cyrillic Domain Names

Top Replies