
Webfilter whitelist IP range

I need some help with a filter action, everything is blocked by default and I would like to allow an IP range / 104.199.64.0/24 and 104.199.65.0/24 /. I tried this regex ^https?://104\.199\.65\d+.* but it's not working, I see the block in the log. Thanks in advance



  • Webfiltering is based on URL, not on I.P. You need to whitelist the FQDNs as well, or more likely, instead of the IP address.

    In the web world, host names determine behavior, so host names drive the filtering logic.

  • If you are using only Transparent Web Filtering, you may be able to accomplish what you want in this way:

    • Add the IP range to the Transparent Destination Host Skip List, which will cause the traffic to drop out of Web Proxy and be handled by Firewall Rules.
    • Ensure that a Firewall Rule allows the traffic out.

    The downsides to this approach are:

    • The Skip List applies to all users, while a Filter Action can be granular to specific users at specific IP addresses.
    • The Skip List approach does not really work for Standard Mode.  I recommend moving to Standard Mode wherever possible, while keeping Transparent Mode enabled as a backup.
  • The problem is that this range is a part of Google Cloud and doesn’t resolve to a domain. The Webfilter blocks the traffic as uncategorized so it means that with a default block on there is no way to allow clients to communicate with IPs directly?

  • On the contrary.   Did not mean to make you despair.

    If you are using an explicit IP address as your URL, that is what Web Filter will evaluate.   Many times, people want to block a DNS name using an IP address rule, and that is what does not work.

    Your regex looks fine.   A partial match should also work, so you could trim it to ^https?://104\.199\.65\d+ or ^https?://104\.199\.65

    Regex works, so something else is going on.   Check the logs to see if your traffic is really going through the Filter_Profile-Policy-Filter_Action sequence that has the exception.   Filter Action is not in the logs, because it is determined by policy.  

    But the transparent mode destination skip list will also work, as long as Transparent Mode is what you are using.  With Standard Mode, you need to exclude the IP URLs from the proxy script, then exclude it again with the Transparent Mode Skip List.   Then the Firewall Rules can allow it to pass.

    Note that if the skip list is used, the traffic is logged in the Firewall log rather than the webfilter log.

  • Thank you very much for your help, it seems the shorter version of the regex did the trick, now it's working flawlessly :)
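
An added example, not part of the thread: the two patterns posted above, checked against constructed sample URLs together with a stricter pattern. The `strict` pattern and the use of Python's `re` module as a stand-in for the Web Filter's regex engine are assumptions made here. As posted, the original pattern has no `\.` between `65` and `\d+`, so it cannot match a dotted last octet, while the short pattern matches any host name that merely begins with `104.199.65` and does not cover 104.199.64.0/24.

```python
import re

PATTERNS = {
    # As posted in the question: "65" must be followed directly by a digit.
    "original": r"^https?://104\.199\.65\d+.*",
    # Shortened form from the reply: a prefix match only.
    "short": r"^https?://104\.199\.65",
    # Assumption (added here, not from the thread): both /24 ranges, a full
    # last octet in 0-255, an optional port, then "/" or end of the URL.
    "strict": r"^https?://104\.199\.6[45]\."
              r"(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(:\d+)?(/|$)",
}

# Constructed sample URLs (not taken from any log).
SAMPLES = [
    "https://104.199.65.12/api",          # inside 104.199.65.0/24
    "https://104.199.65.12:8443/x",       # same host, explicit port
    "http://104.199.64.200/",             # inside 104.199.64.0/24
    "https://104.199.66.1/",              # outside both ranges
    "https://104.199.65.example.test/",   # a host name, not an IP address
    "https://104.199.65.12.example.test/" # IP-looking prefix of a host name
]


def matches(name, url):
    """Return True if the named pattern matches the URL."""
    return re.search(PATTERNS[name], url) is not None


def report():
    """Map each sample URL to the list of pattern names that allow it."""
    return {url: [n for n in PATTERNS if matches(n, url)] for url in SAMPLES}


if __name__ == "__main__":
    for url, allowed in report().items():
        print(f"{url:40} allowed by: {', '.join(allowed) or 'none'}")
```

Before relying on an allow pattern like this in a default-block policy, test it against host names that begin with the same digits as the address range.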