Ad Blocking lists

Sophos is awesome and amazing and, like other people here have requested, it would be amazing if we could import ad-blocking lists like this one: https://github.com/StevenBlack/hosts

If you can already achieve this, could someone please help me? I found one other post about this and I did not see a solution. Maybe I did not notice?



  • Hi,

    There are application and web proxy functions for blocking adverts; you need to build your firewall rules around the existing functions. You don't need to create a list because the list is already created, and you can build your own if you want to block a specific set.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello!

    There's no easy way to do this, for two reasons.

    • The Sophos Firewall is limited to 2.000 domains within a single custom category.
    • It can't import HTTPS lists (only plain-text HTTP).

    You can either find a good and small ad-blocking list and then import it as a category (if it's bigger than 2.000 domains you can cut the txt file into multiple files), or try to find a way to automate it using the Firewall API.

    But, depending on your scenario, the default (already available) Advertisements category could be enough for you.



    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
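The file-splitting workaround described in the post above, as an added example that is not part of the original thread or of any Sophos tooling: it parses a hosts-format list such as the StevenBlack one, drops loopback, non-sinkhole and malformed entries, de-duplicates, and writes files of at most 2000 domains each. The one-domain-per-line output format, the file names and the sample input are assumptions.

```python
import re
from pathlib import Path

MAX_PER_CATEGORY = 2000  # per-category limit quoted in the post above
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost", "0.0.0.0"}
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z0-9-]{2,63}$")

# Constructed sample input in hosts format (not taken from a real list).
SAMPLE = """\
# comment line
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net   # inline comment
0.0.0.0 ads.example.com
192.0.2.10 intranet.example.org
0.0.0.0 not a domain!
"""

def parse_hosts(text):
    """Return unique lower-cased domains from hosts-format text, in order."""
    seen, domains = set(), []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, tokenize
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue  # blank line, comment, or a real (non-sinkhole) mapping
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name in LOCAL_NAMES or name in seen or not DOMAIN_RE.match(name):
                continue
            seen.add(name)
            domains.append(name)
    return domains

def chunk(domains, size=MAX_PER_CATEGORY):
    """Split the list into consecutive parts of at most `size` domains."""
    return [domains[i:i + size] for i in range(0, len(domains), size)]

def write_chunks(domains, out_dir, prefix="adblock", size=MAX_PER_CATEGORY):
    """Write one domain per line (assumed import format); return the paths."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for n, part in enumerate(chunk(domains, size), start=1):
        path = out / f"{prefix}_{n:03d}.txt"
        path.write_text("\n".join(part) + "\n", encoding="ascii")
        paths.append(path)
    return paths
```

Review the parsed list before importing it: rejecting lines whose first field is not a sinkhole address keeps a tampered or mixed hosts file from turning a legitimate internal mapping into a block entry.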

  • Hi,

    Thank you for reaching out to Sophos Community.

    You may refer to the following KB for creating/importing a custom web category list. 

    Sophos Firewall: Create a custom web category: https://support.sophos.com/support/s/article/KB-000035913?language=en_US

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • Thanks for the very quick reply. I currently have the policy set up to block advertisements and it currently blocks most applications. It works great, don't get me wrong; I was just thinking of this as a way to really polish it off by using a list. I have no idea if doing that would affect the performance much or not, considering they have just short of 200.000 blocked URLs on the list. I hope you have a great day.

  • Hello. As an alternative, you can create regex entries for blocking sites with regular expressions/keywords instead of URLs. It is possible to add these expressions in the web filtering rules.

    Have a look here: github.com/.../regex.list

  • Thank you to everyone who replied. 

  • Very interesting, so you added these expressions to the blocked URLs list? I will have to get myself educated on this.

  • I am actually using these regex entries within Pi-hole. Pi-hole is my recursive DNS server (well, to be precise, Unbound is the caching DNS server, but Pi-hole is sort of a front end and provides the DNS filtering), but theoretically the regex entries should work in the web filter of Sophos Firewall too. Another option is to use AdGuard DNS (the free public DNS) as your forwarder in the Sophos firewall, as it will block more ads and trackers. There is another free version of AdGuard DNS, but it only supports 5 devices. AdGuard is highly regarded and blocks adware/phishing/malware sites.

    Sophos Firewall and UTM: Regular expressions for defining URL patterns: support.sophos.com/.../KB-000034481

  • I went to web categories and tried to put those in as keywords with no success. How do you use those lists with Sophos XG?

  • I also tried to input the regex entries into the blocked URL section and it doesn't work. Another user in another post here said that the XG does not support regex for URL blocking. But it is strange that it would allow regex for exceptions... but not for blocking. The UTM allows regex for URL blocking, but I did not attempt it.

    Here is the guide for creating URL custom categories: support.sophos.com/.../KB-000036901

    Because regex can block a lot of good sites, and it is far, far easier to whitelist sites within the Pi-hole than it is in Sophos.

    I might suggest just going with a Raspberry Pi and installing Pi-hole on it and using it as your DNS server if you really want DNS ad blocking, which it sounds like you do.

    The Pi-hole adlists contain millions of domains and managing them in Sophos would be a real PITA.

    But the biggest downside of DNS filtering is that it can be bypassed easily. A user can bypass the DNS server by enabling encrypted DNS-over-HTTPS/TLS within the browser. That's why the URL filtering (SNI) in the Sophos firewall is so important, to act as the first line of defense.