This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block specific URL path

Hi, I'm brand new to Sophos and I'm experimenting with the web filtering capabilities. I have a test box set up and have basic filtering working for http and https. The categories I am denying in a rule are Anonymizers, Nudity, Sexually Explicit, Swimwear & Lingerie

In my testing I am still able to browse to https://www.si.com/swimsuit/, which I would like to be blocked. But I don't want to block all of si.com and it is correctly categorized as Sports. Is it currently possible to somehow block just this path at si.com? I've done some googling and haven't found a definitive answer.

This thread was automatically locked due to age.

Parents

0 lferrara over 7 years ago

Andrew,

have a look at this KB:

https://community.sophos.com/kb/en-us/127270

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Andrew Parker over 7 years ago in reply to lferrara

Thanks for that link. If I'm interpreting it correctly then I would need to use a Custom Category with domain with a string of si.com/swimsuit

I've created this Custom Category and added it to the rule I'm using and I can still get to https://www.si.com/swimsuit/. I do have https decryption enable and it's working and so are other rules that are part of that policy, so I don't think it's an issue with the Firewall rule.

In studying the table from https://community.sophos.com/kb/en-us/127270, that explains the regex equivalents, I see a problem. Take a look at the 'Custom category with domain - Entry contains a slash' column. The regex equivalent is ^[^\/]*example\.com\/foobar.*$ and the first matching sample is http://example.com/foobar, which it says should match. However, when I actually test that regex against the test string, it doesn't actually match. https://regex101.com/r/wJqgw0/1

I don't know if this KB article is representing how the code is actually processing the Custom Category, but if it is then there is a problem with the regex.

Can anyone confirm this discrepancy in behavior?
Cancel
Vote Up 0 Vote Down

Cancel
0 Andrew Parker over 7 years ago in reply to Andrew Parker

Can someone try to reproduce this and post your results? It's pretty easy to test. Just create a Custom Category like in my screenshot above, make sure it's part of a Policy that is blocking that category and is being used in a Firewall rule and see if it actually blocks that url when you try to browse to it.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Andrew Parker over 7 years ago in reply to Andrew Parker

Can someone try to reproduce this and post your results? It's pretty easy to test. Just create a Custom Category like in my screenshot above, make sure it's part of a Policy that is blocking that category and is being used in a Firewall rule and see if it actually blocks that url when you try to browse to it.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 max raufer over 4 years ago in reply to Andrew Parker

I did a similar test, created a custom category with keyword, entries w/o "/".

According to the table, the following regex should be evaluated: ^.*example\.com.*$

According to the table, the following URL should match: https://example.com/en-us/

I verified the match using a regex tester, but I can still browse to that URL.

The category is part of a Web policy (top of list, set to block at all time, enabled) which is part of a firewall rule (enabled) that uses Web proxy instead of DPI (XG v18). Not sure what else I can do to block that URL.

Help much appreciated. Thanks.
Cancel
Vote Up 0 Vote Down

Cancel