"Unblocked Games" - How to block "Google sites"

Question

I've been asked to block games for some student accounts, which I've been able to achieve through the "games" category in Filter Actions and adding a few individual domains. What I haven't been able to block are some "unblocked games" sites, especially ones that are on "Google sites" web sites.

If someone could tell me how (if it's possible) to block specific "Google sites" web sites I would be grateful. I prefer to encourage students to use their time wisely of their own accord, but I've been asked to do what I can to make game sites unavailable.

Thanks,

Steve

[locked by: SupportFlo at 3:45 PM (GMT -7) on 11 Sep 2018]
[unlocked by: SupportFlo at 3:51 PM (GMT -7) on 11 Sep 2018]
[locked by: SupportFlo at 3:53 PM (GMT -7) on 11 Sep 2018]

Michael Dunn · Answer

I'm going to assume that you are just having a problem with filering the logs, and that the requests are going through the proxy. 
 I'm also going to assume that you have HTTPS scanning turned on. Without HTTPS Scanning the proxy cannot see or block anything to do with paths in the URL. 
 I'm going to assume that, because the policy tester said it was Result Allowed that you problem lies in the policy. 
 Option 1: Go to the Filter Action Elementary Students and Edit it. Go to the Websites tab. Under block these Websites, add a blacklist object. Set to Match URLs based on Domain and put the domain in there. sites.google.com/.../&#160; 
 
 Option 2: Go to Filtering Options, Websites. Click New Site. Put in the URL sites.google.com/.../ Overide the category to Games. 
 Assuming your policy already blocks Games, this will be blocked automatically. It also has the benefit of appearing as a blocked game in reports. 
 If you want slightly more control, rather than changing the category you can add a tag. Then in the Filter Actions you can block that tag. This would be better if the problem isn't really a miscategorization, but something that you want to block even though it is categorized correctly. 
 Option 3: If you are sure that the URL is a gaming site and that everyone would think so, tell TrustedSource to update their categorization. https://www.trustedsource.org/ 
 Put in the URL and suggested category. I think that if you get an account you can actually track status of the recat request. It can take a few days.

Option 3 fixes bad categorization it for many customers. Option 2 fixes bad categorization for yourself. Option 1 is a force block regardless of category. I would do them in that preference order.

BAlfson · Answer

Hi and welcome to the UTM Community! 
 If you are using Web Filtering in the Transparent mode, it's possible that Chrome and Android phones are accessing the server using UDP 443 instead of TCP 443. You could create a firewall rule like 'Any -> {UDP 443} -> Internet : Drop' to force Chrome to use TCP. 
 If you are using the Proxy in Standard mode (explicit proxy), you can add UDP 443 to 'Allowed Target Services' on the 'Misc' tab of 'Filtering Options'. 
 In either case, you must not select 'Do not proxy HTTPS traffic in transparent mode' on the 'HTTPS' tab of the filtering Profile. 
 You should now be able to block that URL effectively. 
 Cheers - Bob