How to allow or block URI and sub-domains using Content Filtering

Description

The Allowed Domains and Forbidden Domains feature has been enhanced and is called Allowed URI and Forbidden URI. Where Allowed and Forbidden Domains feature blocked or allowed connections to websites based on their domain names, the new feature blocks entire URIs.  With this enhancement, specific resources within a website can be blocked or allowed. 

NOTE: While performing tests to confirm the Allow/Forbidden URI, it is recommended to log out of the firewall or have another device to test with. 


The following examples illustrate the difference in both features:

  • The Maximum number of characters allowed in a URI is 255.
  • CFS does a partial match of entries with the URI accessed.
    EXAMPLE:The entry google.com will match www.google.com; www.nybooks.com/issues/ will match www.nybooks.com/issues//2014/dec/18/, but www.nybooks.com/issues/ will not match www.nybooks.com.

  • With HTTPS Content Filtering option checked, websites accessed over HTTPS will be blocked (as in earlier versions) based on Client Hello and Certificate messages. Therefore, the URI will not be blocked or allowed
  • To block URI of a website accessed over HTTPS requires DPI-SSL client Inspection

Here are some more examples 

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

  1. Navigate to OBJECTS | URI LIST
    Image
  2. Click ADD option to add DOMAIN, KEYWORD, OR URI to block or allow any website
    Image
  3. Navigate  to OBJECTS | PROFILE OBJECTS | CONTENT FILTER
  4. Configure the Profile and in URI LIST CONFIGURATION, select the URI list that was created earlier and add it to the Allowed URI LIST or FORBIDDEN URI LIST
    Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

  •  The Allowed/Forbidden URI objects can be found under Manage | Objects | Content Filter Objects | URI List Objects:Image

Related Articles

  • Firewall logs show frequent probe status changes after upgrade
    Read More
  • SSO Agent 4.0: Installation, Configurations, and troubleshooting
    Read More
  • CFS blocks valid sites due to incorrect 64: Not Rated tag
    Read More

Categories

Firewalls
NSa Series
Content Filtering Service
Firewalls
NSv Series
Content Filtering Service
Firewalls
TZ Series
Content Filtering Service
not finding your answers?
Ask the Community
was this article helpful?
YesNo