Blacklisting webpage does not work.

Question

Hello all, 
 Due to increased spam traffic with malicious links, we need to dynamically block certain URLs. With policy helpdesk, I can easily track what filter action and policy took place for particular user. I am conviced I blacklisted the webpage in the right place and yet, the user still can access the webpage. Below on the screenshots is outcome from particular policy, filter action and policy helpdesk test. Of course I had to cover texts that could lead to de-anonymization of the firewall, where screenshots were taken (hence there are some white rectangles in some parts of the screenshots). The images posted to my post have bad quality (you cannot read the setings), I therefore used external webpage for image hosting 
 What am I doing wrong? 
 
 Filter Action: 
 pasteboard.co/IDAeAfu.png 
 Policy test: 
 pasteboard.co/IDAeYbr.png 
 Profile: 
 pasteboard.co/IDAf4D2.png 
 
 Thank you in advance, take care.

DouglasFoster · Accepted Answer

First, let me say that web filtering works very well, I have exercised it thoroughly. Notwithstanding, I cannot explain your symptoms, so this is exactly the type of situation where Support is likely to be better and faster than this forum (even at level 1 support.) 
 You appear to have multiple filter actions. Assuming that you want this example site blocked for everyone, you are making things harder on yourself by blocking within the Filter Action. Instead, you should use an exception object. 
 But you have also highlighted the problem with regex -- it is very subtle technology and easy to be disappointed 
 
 "^http://" does not block an https link 
 "^https?://" blocks both http and https, but not ftp 
 To block all three protocols, you need something like "(https?|ftp)://", but I would not trust the assertion without some testing. 
 "http://" will match a url with http protcol, but may also block some URLs with an http string embeddd in the querystring (since the ^ is omitted). 
 
 The difference between your second regex and the one that was counterproposed is that one blocks *.baddomain and the other blocks with recursion, such as *.*.baddomain 
 I have come to loathe and fear regex mistakes, so I avoid them. Instead I use website override objects. 
 
 For this situation, I would simply override the reputation. 
 For items that are blocked as uncategorized, the website override specifies the category. 
 For partial or full proxy bypass, the website override applies a tag, and then an Exception object defines the features that are disabled, and is applied to "websites with this tag". 
 
 The website object can apply to a single host (www.badguys.com), or an organization by specifying badguys.com with the option to "include subdomains". Unfortunately, the subdomains only apply to one level, *.badguys,com, but not *.*.badguys.com. In most of my cases, a one level wildcard is sufficient. The upside is that I omit the protocol and all three protocols are blocked. 
 You need to look closely at the exceptions as reported in the policy helpdesk and the log files. There may be an exception that is causing your problem.

PatrickLee · Answer

Try backlist object under Edit Filter Action / Block These Websites. Add rahmatravel.com in Domains. This should work. 
 
 Good Luck

PatrickLee · Answer

it works for me