This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filter Exceptions Not Working - Where do Exceptions Apply?

I have enabled the out of the box exception for Windows Updates.

I have a blacklist applied for a particular network.

*.windowsupdate.com and *.microsoft. com are still blocked.

I had to copy the two regex patterns from the Windows Update Exclusion Policy and add them to the "Websites" --> "Allow These Websites" list on the blacklist filter action.

Is this expected behavior?

I assumed that exclusions added and enabled on "Filtering Options" would be universally applied.



This thread was automatically locked due to age.
  • This is all I have for my Windows Updates (including Office) and works great.  I do have a lot of telemetry even blocked and I can see those being blocked in my web filter log, but this allows updates through.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Thanks for the reply.  So this is the only rule you have enabled and it applies to all of your web traffic, regardless of the profile and action they  trigger?

    I had to add all of those regexes in your screenshot to my default content filter block action in order to get windows updates working.

  • Correct.  I have telemetry blocked and I have a very long list of ads that I block, but this is all I've needed for Windows Updates.  I think most people miss one little thing in a regex entry that can completely negate your goal.  I've helped quite a bit of people specifically with this setup with Office Update as well that they could not reach before.  They can now.  Slight smile

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • I was under the impression that the default content filter block action wasn't recommended anymore and instead everything should be blocked or allowed using the default content filter action to avoid issues.

  • The default content filter block action comes in handy when you need to "imprison" a specific user temporarily. ;-)

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA