Ad Blocking lists

Hello. As an alternative, you can create regex entries for blocking sites with regular expressions/keywords instead of URLs. It is possible to add these expressions in the web filtering rules.

Have a look here: github.com/.../regex.list

Very interesting, so you added these expressions to blocked URL’s list? I will have to get my self educated this.

I am actually using these regex entries within Pi-Hole. Pi-hole is my recursive DNS server, (well to be precise Unbound is the caching DNS server but Pihole is sort of a front end and provided the DNS filtering) but theoretically the Regex entries should work in the web filter of sophos firewall too. Another option is to use AdGuard DNS (the free public DNS) as your forwarder in the Sophos firewall as it will block more ads and trackers. There is another free version of Adguard DNS but only supports 5 devices  AdGuard is highly regarded and blocks adware/phishing/malware sites.

Sophos Firewall and UTM: Regular expressions for defining URL patterns: support.sophos.com/.../KB-000034481

I went to web categories and tried to put those in as keywords with no success, How do you use those lists with Sophos XG?

I went to web categories and tried to put those in as keywords with no success, How do you use those lists with Sophos XG?

I also tried to input them regex entries into the blocked URL section too and it doesn't work. Another user in another post here said that the XG does not support regex for URL blocking. But strange that it would allow regex for exceptions...but not for blocking. The UTM allows regex for URL blocking but I did not attempt it.

Here is the guide for creating URL custom categories: support.sophos.com/.../KB-000036901

Because, regex can block a lot of good sites and it is far, far easier to whitelist sites within the Pihole than it is in Sophos.

I might suggest just going with a Raspberry Pi and installing pi-hole on it and using it as your DNS server if you really want DNS adblocking which it sounds like you do.

The pihole adlists contain millions of domains and managing them in Sophos would be a real PITA.

But the biggest downside of DNS filtering is that it can be bypassed easily. A user can bypass the DNS server by enabling encrypted DNS-over-HTTPS/TLS within the browser. That's why the URL filtering (SNI) in the Sophos firewall is so important, as to act as the first line of defense. 

Maybe in a future update they might incorporate something like this. Even if you chop an Adblock list down to 200 lines they are not in the proper format for Sophos. If they ever incorporated adblocking to the level like AdGuard nobody could ever compete with Sophos they would be the complete package and King of the hill. 

The better option, and what companies do is actually have a seperate proxy server that does URL filtering. Like Squid proxy w/ Squidguard. But the problem is TLS decrypt and scan is not compatible with Android/iOS devices, with companies like Google and Apple using certificate pinning to make sure no man-in-the-middle attack happens.