
Blocking URL based on referrer? More broadly, blocking personal Google Sites

Hello all.

Google Sites has long been used to grant access to "unblockable" games and movies. As a result, I'd like to block personal Google Sites but still allow our own Google Apps Education sites as we use the service.

Precise URL blocks (e.g. sites.google.com/site/unblockedmovies/) do not work even with HTTPS scanning. It seems to me that Google Sites services content almost like a web proxy, but the URL in the address bar is not the actual URL being accessed. Really, I'm not seeing any way to distinguish between personal Google Sites (e.g. https://sites.google.com/site/unblockedmovies/ ) and our own GAE sites ( https://sites.google.com/a/organization.org/ ). Yes, the URL is different, but again, blocking URLs doesn't work.

What I *did* notice though is a REF="URL_we_want_to_block". I'm not aware of Sophos UTM being able to block a site based on this information, but if it can, it seems some regex would probably solve most of the issues. Anyone know if blocking based on REF is possible?

"unblocked movies" page:
2015:10:12-09:49:15 ***x httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.216.14" user="test.student" ad_domain="***x" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xd82a3800" url="gg.google.com/csisites.google.com/.../" error="" authtime="29" dnstime="0" cattime="89" avscantime="0" fullreqtime="38199" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" exceptions="" reputation="trusted" category="145" reputation="trusted" categoryname="Search Engines" application="google" app-id="182"



"Unblocked movies" sub page:
2015:10:12-10:17:58 ***X httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.216.14" user="test.student" ad_domain="***X" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xdb60e800" url="gg.google.com/csisites.google.com/.../22-jumpstreet" error="" authtime="26" dnstime="0" cattime="63" avscantime="0" fullreqtime="33079" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" exceptions="" reputation="trusted" category="145" reputation="trusted" categoryname="Search Engines" application="google" app-id="182"



Our own Google Sites test page:
2015:10:12-10:10:45 ***x httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.217.206" user="test.student" ad_domain="***x" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xdb05e800" url="gg.google.com/csisites.google.com/.../" error="" authtime="0" dnstime="0" cattime="90" avscantime="0" fullreqtime="14753821" device="1" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36" exceptions="" category="145" reputation="trusted" categoryname="Search Engines" application="google" app-id="182"


Another one of ours...
2015:10:12-10:26:21 ***X httpproxy[5633]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.169.147" dstip="216.58.216.46" user="test.student" ad_domain="SEA" statuscode="204" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLimitStude (Limit Students)" size="0" request="0xd7a5a000" url="gg.google.com/csi



Please keep in mind current rules grant blanket access to Google Sites as we need access to Google Sites. Also note that src IPs differ, even amongst our own organization so an IP level block doesn't look likely.

Any thoughts? Has anyone figured this out without blocking Google Apps wholesale?


This thread was automatically locked due to age.
  • Hi, and welcome to the User BB!

    What if you block all https?://sites\.google\.com/ and make an Exception for https?://sites\.google\.com/a/organization\.org/?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
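
The block-plus-exception rule suggested in the reply above, run over proxy log lines in the `key="value"` format shown in the question. This is an added example, not part of the original thread and not Sophos code: the `^` anchors, the host name `utm`, and the sample log lines are constructed assumptions, and it assumes HTTPS scanning is on so the full URL is logged.

```python
import re

# Patterns from the reply, with a leading ^ added (assumption) so the
# exception only matches when the URL itself starts with the allowed prefix.
BLOCK = re.compile(r"^https?://sites\.google\.com/", re.I)
ALLOW = re.compile(r"^https?://sites\.google\.com/a/organization\.org/", re.I)

# httpproxy lines are a syslog prefix followed by key="value" pairs.
FIELD = re.compile(r'([\w-]+)="([^"]*)"')

# Constructed sample lines (shortened to the fields used here).
SAMPLE = [
    '2015:10:12-09:49:15 utm httpproxy[5633]: name="http access" action="pass" '
    'user="test.student" url="https://sites.google.com/site/unblockedmovies/"',
    '2015:10:12-10:10:45 utm httpproxy[5633]: name="http access" action="pass" '
    'user="test.student" url="https://sites.google.com/a/organization.org/test/"',
    # Allowed prefix appears only in the query string; it must not earn the exception.
    '2015:10:12-10:17:58 utm httpproxy[5633]: name="http access" action="pass" '
    'user="test.student" url="https://sites.google.com/site/unblockedmovies/'
    '?r=https://sites.google.com/a/organization.org/"',
    '2015:10:12-10:26:21 utm httpproxy[5633]: name="http access" action="pass" '
    'user="test.student" url="https://www.google.com/search?q=test"',
]

def parse(line):
    """Return the key="value" pairs of one log line as a dict (last value wins)."""
    return dict(FIELD.findall(line))

def verdict(url):
    """Exception is checked first, then the block rule; anything else passes."""
    if ALLOW.search(url):
        return "allow"
    if BLOCK.search(url):
        return "block"
    return "pass"

def review(lines):
    """Return (user, url, verdict) for every log line that carries a url field."""
    results = []
    for line in lines:
        fields = parse(line)
        if "url" in fields:
            results.append((fields.get("user", "-"), fields["url"], verdict(fields["url"])))
    return results

if __name__ == "__main__":
    for user, url, v in review(SAMPLE):
        print(f"{v:5}  {user}  {url}")
```

Running the same function over an exported web filter log shows which past requests the rule pair would have blocked before it is enabled.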