Block specific URL path

Hi, I'm brand new to Sophos and I'm experimenting with the web filtering capabilities.  I have a test box set up and have basic filtering working for http and https. The categories I am denying in a rule are Anonymizers, Nudity, Sexually Explicit, Swimwear & Lingerie.

In my testing I am still able to browse to https://www.si.com/swimsuit/, which I would like to be blocked.  But I don't want to block all of si.com and it is correctly categorized as Sports.  Is it currently possible to somehow block just this path at si.com?  I've done some googling and haven't found a definitive answer.



  • Thanks for that link.  If I'm interpreting it correctly then I would need to use a Custom Category with domain with a string of si.com/swimsuit.

    I've created this Custom Category and added it to the rule I'm using and I can still get to https://www.si.com/swimsuit/.  I do have https decryption enabled and it's working and so are other rules that are part of that policy, so I don't think it's an issue with the Firewall rule.

    In studying the table from https://community.sophos.com/kb/en-us/127270, that explains the regex equivalents, I see a problem.  Take a look at the 'Custom category with domain - Entry contains a slash' column.  The regex equivalent is ^[^\/]*example\.com\/foobar.*$ and the first matching sample is http://example.com/foobar, which it says should match.  However, when I actually test that regex against the test string, it doesn't actually match. https://regex101.com/r/wJqgw0/1

    I don't know if this KB article is representing how the code is actually processing the Custom Category, but if it is then there is a problem with the regex.

    Can anyone confirm this discrepancy in behavior?

  • Can someone try to reproduce this and post your results?  It's pretty easy to test.  Just create a Custom Category like in my screenshot above, make sure it's part of a Policy that is blocking that category and is being used in a Firewall rule and see if it actually blocks that URL when you try to browse to it.

  • I did a similar test, created a custom category with keyword, entries w/o "/".

    According to the table, the following regex should be evaluated: ^.*example\.com.*$

    According to the table, the following URL should match: https://example.com/en-us/

    I verified the match using a regex tester, but I can still browse to that URL.

    The category is part of a Web policy (top of list, set to block at all times, enabled) which is part of a firewall rule (enabled) that uses Web proxy instead of DPI (XG v18). Not sure what else I can do to block that URL.

    Help much appreciated. Thanks.
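
Added example, not part of the original thread and not Sophos code: a small Python harness that checks the two regex equivalents quoted above against the thread's URLs, once as the full URL and once with `scheme://` removed. Matching against a scheme-stripped string is an assumption used here for comparison only; the thread does not establish which form the firewall evaluates, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Regex equivalents quoted in the thread from the KB table.
DOMAIN_WITH_SLASH = r"^[^\/]*example\.com\/foobar.*$"  # domain entry containing a slash
KEYWORD_NO_SLASH = r"^.*example\.com.*$"               # keyword entry without a slash


def strip_scheme(url: str) -> str:
    """Return host + path (+ query), i.e. the URL without 'scheme://'.
    Assumption: one plausible form a filter could match against."""
    parts = urlsplit(url)
    rest = parts.netloc + parts.path
    if parts.query:
        rest += "?" + parts.query
    return rest


def evaluate(pattern: str, url: str) -> dict:
    """Test one anchored pattern against the full URL and the stripped form."""
    rx = re.compile(pattern)
    return {
        "full_url": bool(rx.match(url)),
        "scheme_stripped": bool(rx.match(strip_scheme(url))),
    }


def report(cases):
    """Evaluate every (pattern, url) pair and return rows for printing."""
    rows = []
    for pattern, url in cases:
        result = evaluate(pattern, url)
        rows.append((pattern, url, result["full_url"], result["scheme_stripped"]))
    return rows


# Constructed inputs based on the sample URLs mentioned in the thread.
CASES = [
    (DOMAIN_WITH_SLASH, "http://example.com/foobar"),
    (DOMAIN_WITH_SLASH, "https://www.example.com/foobar/page"),
    (KEYWORD_NO_SLASH, "https://example.com/en-us/"),
]

if __name__ == "__main__":
    for pattern, url, full, stripped in report(CASES):
        print(f"{pattern:34} {url:38} full={full} stripped={stripped}")
```

The domain-with-slash pattern begins with `[^\/]*`, which cannot consume the `//` after the scheme, so it can only match a string that starts at the host name; the keyword pattern begins with `.*` and matches either form.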
