Why the link can't be blocked?

Do you have access to support, or are you a home user?   You may have found a bug that Support needs to investigate.

I have reproduced your symptoms.

Do you have access to support, or are you a home user?   You may have found a bug that Support needs to investigate.

I have reproduced your symptoms.

I think I repeated your problem because I repeated your mistake.

Escape all of the "/" characters -- replace them with "\/" -- and see if it fixes the problem.   I do not have time to repeat my tests right now.

DouglasFoster said:

I think I repeated your problem because I repeated your mistake.

Escape all of the "/" characters -- replace them with "\/" -- and see if it fixes the problem.   I do not have time to repeat my tests right now.

Hi DouglasFoster,

Thanks for reply!

  I test this Regular Expression:

"^https?://scratch.mit.edu\/explore\/projects\/[A-Za-z0-9] "

and 

"^https?:\/\/scratch.mit.edu\/explore\/projects\/[A-Za-z0-9] " 

Same as before, the policy test shows blocked. But the user's computer can be passed too.

Also, I found a new problem. I open the live log and go to scratch.mit.edu by chrome. Strangely, the live log will not show anything about it but it will show other website status.

Thanks a lot.

DouglasFoster said:

Do you have access to support, or are you a home user?   You may have found a bug that Support needs to investigate.

I have reproduced your symptoms.

 

Hi DouglasFoster,

I am a school IT staff in Hong Kong.

thanks

Hi Perry,

Does the following work?

^https?://scratch.mit.edu/explore/projects/

If not, show us the line from the Web Filtering log file where a URL was not blocked.

Cheers - Bob

Hi Bob,

Sorry, it still not work.

Admin Console:

User Computer :

Log :

2018:12:08-11:15:35 httpproxy[5763]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.77.192.90" dstip="151.101.2.133" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="24217" request="0xdc862000" url="https://api.scratch.mit.edu/" referer="" error="" authtime="0" dnstime="2" cattime="140" avscantime="0" fullreqtime="61958215" device="0" auth="0" ua="" exceptions="" category="111" reputation="neutral" categoryname="Education/Reference"
2018:12:08-11:15:35 httpproxy[5763]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.77.192.90" dstip="151.101.194.133" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3233490" request="0xe1069800" url="https://scratch.mit.edu/" referer="" error="" authtime="0" dnstime="2" cattime="96" avscantime="0" fullreqtime="62455812" device="0" auth="0" ua="" exceptions="" category="111" reputation="neutral" categoryname="Education/Reference"

But the log can match "scratch" word , which has two lines only. Also, the live log window show above information around 30 second. Is this reasonable?

Thanks Bob

The lines you show from the log are not accesses you said you wanted to block.  The pictures are too small to see, but I suspect that the accesses are not being seen by Web Filtering or that you need to block other URLs than the one you've identified.

Cheers - Bob

BAlfson said:

The lines you show from the log are not accesses you said you wanted to block.  The pictures are too small to see, but I suspect that the accesses are not being seen by Web Filtering or that you need to block other URLs than the one you've identified.

Cheers - Bob

 

Hi Bob,

I re-insert the image.

Proxy Test Tools:

User's Computer :

About the log, I don't know why that's like the LEGO URL. Even I open the live log window and go to the URL, it will not show the URL in the live log. I refresh the URL 3 Times and after around 30 second, live log show above two log data only. Does it wants to set anything?

I have already rebooted the firewall, but the live log has the same status.

Please Help!

Without HTTPS inspection, UTM only logs one entry for the session, with method="CONNECT", and only at the end of the session.   The size="value" field of the log entry is the total of all traffic seen during the session.   Live Log is probably not helping because you are opening the page, which starts a session, and then expecting a log entry to appear.   You may be able to make the live log entry appear by navigating away from the page, to something unrelated.

Sharp eye, Doug!  I admit to scanning too often without looking closely.

Perry, if you're not using decrypt and scan for HTTPS traffic, you won't be able to block traffic inside the encrypted tunnel, just as Doug commented twice above.

Cheers - Bob

BAlfson said:

Sharp eye, Doug!  I admit to scanning too often without looking closely.

Perry, if you're not using decrypt and scan for HTTPS traffic, you won't be able to block traffic inside the encrypted tunnel, just as Doug commented twice above.

Cheers - Bob