Web Security: Support definitions for Allow/Block sites
We are finding on a lot of our sites the company is deciding to block facebook/myspace. When we go into the Web Security -> HTTP/S -> Content Filter, and the Additional URL's to Block box, we can add individual sites, and use just facebook on its own, but this doesn't pick up "fbcdn.net".
Under Network Definitions, I can put DNS Group and call it facebook, and this picks up all the facebook sites.
I'd like to be able to drag and drop from the Definitions section into the "Additional URL's" box.
With Sophos UTM 9.3 we have added the ability to group URLs together using tags. In the example given, facebook.com and fbcdn.net can be added to the Website List and tagged as ‘Facebook’, then that tag can be used in policies to block or allow access to the sites.
For more information about UTM 9.3, see the following blog post: http://blogs.sophos.com/2014/11/10/sophos-utm-advantage-9-3-is-coming-soon-find-out-whats-new-2/
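The following is an added illustration, not Sophos UTM code and not part of the original thread. It models the tagging idea generically: a policy that blocks a tag catches every domain grouped under it, while the single keyword from the request misses fbcdn.net and also matches unrelated hosts. All function names, the policy set, and the sample hostnames are constructed assumptions.

```python
# Added illustration: a generic model of tag-based site grouping, not Sophos UTM code.

# Constructed website list: domain -> set of tags (mirrors the example in the text).
WEBSITE_LIST = {
    "facebook.com": {"Facebook"},
    "fbcdn.net": {"Facebook"},
    "myspace.com": {"MySpace"},
}

BLOCKED_TAGS = {"Facebook"}  # hypothetical policy: block everything tagged 'Facebook'


def normalize(host):
    """Lower-case the host, drop any port and a trailing dot."""
    host = host.strip().lower()
    if host.count(":") == 1:  # host:port (IPv6 literals are out of scope here)
        host = host.split(":")[0]
    return host.rstrip(".")


def tags_for(host, website_list=WEBSITE_LIST):
    """Return tags of every listed domain that equals host or is a parent of it."""
    labels = normalize(host).split(".")
    tags = set()
    # Walk suffixes on label boundaries: a.b.fbcdn.net -> b.fbcdn.net -> fbcdn.net -> net
    for i in range(len(labels)):
        tags |= website_list.get(".".join(labels[i:]), set())
    return tags


def is_blocked(host, blocked_tags=BLOCKED_TAGS):
    """True when any tag attached to the host's domain is blocked by policy."""
    return bool(tags_for(host) & blocked_tags)


def naive_substring_block(host, needle="facebook"):
    """The single-keyword approach from the original request, for comparison."""
    return needle in normalize(host)


if __name__ == "__main__":
    # Constructed sample hostnames.
    for h in ["www.facebook.com", "static.xx.fbcdn.net", "notfacebook.example", "myspace.com"]:
        print(f"{h:24} tag-policy={is_blocked(h)!s:5} keyword={naive_substring_block(h)}")
```

Matching on label boundaries is what keeps a host such as notfacebook.example out of the block, which a bare substring match would not.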
Gert Hansen commented
What are the typical websites/web applications that you want to be blocked in this way? We might have another way to do this, by Astaro analyzing the websites and giving you a simple checkbox option to block these webapps completely.
Paul Watson commented
I could use this.
Trevor Furnell commented
Yes Raj, you've nailed it. By using the DNS group I get all the sites due to the DNS group populating itself (it's a very cool ability), and tapping into this gives me an easy way to block all facebook. We're getting more and more clients asking to just block facebook, or just rsvp or just some other individual site.
This would be good to have
Raj Dubey commented
I like this idea, but I'm not sure I understand Bob's comment. If I use "social networking" via the categories it gets lots of those types of sites, but I don't want all of them blocked, just some. I think this may be what Trevor is referring to? I can see also where Trevor is trying to go with the drag and drop part, in that he is also referring to the lack of drag and drop within the content filter section, but also some sites have several different addresses that can be used to access them; that's the reference to facebook.com and fbcdn.net. Both those URLs go to facebook, and if you only have facebook.com set up as the block in the content filter, then users can bypass this by going to fbcdn.net. If we can drag the DNS group from the network definitions screen into this then we block all the facebook sites, regardless of what they are called. Trevor, is that what you're trying to say?
Bob Alfson commented
In essence, what you are requesting is the effect of "URL filtering categories." As long as "Social Networking" is one of the blocked categories, not only are facebook.com and fbcdn.net blocked, but so are classmates.com, myspace, etc.
I'm not saying there aren't good reasons to be able to block specific URLs, just that the constant appearance of new ones plus the sheer volume of current ones makes the old brute-force defense untenable.