Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 10 subscribers
  • Views 5147 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking specific URLs in Website Management

Maximilian S

I set up website management (as described here) to block specific websites (mainly phishing).

This works completely fine for full domains and when I add a domain it is blocked on endpoints after just a few seconds.

However, the problem is that this simply does not work for URLs even though the article explicitly mentions URLs.

 

To be more specific:

One of our employees received a mail with a link to https://storage.googleapis.com/maliciousapp/index.html (not the real URL of course).

Instead of blocking the domain storage.googleapis.com (which would block all Google storage websites and is not wanted) I want to block just the URL https://storage.googleapis.com/maliciousapp/index.html or https://storage.googleapis.com/maliciousapp/ and all subsites.

The URL is still accessible when I add the full URL to website management and select our blacklist tag (which is configured to be blocked under Web Control policy)

When I remove the /maliciousapp/index.html part of the URL the domain is blocked (and the URL too).

 

Is this simply not working as described in the article, did I misinterpret the article or is my configuration wrong?



This thread was automatically locked due to age.
Parents
  • 0

    I am curious to the answer on this.

     

    One other thought, I have run into similar scenarios and have had better luck reporting the malicious link to the host provider, usually within an hour the site the link points to is down.  On the other side if they do not take it down, meaning they are looking the other way when malicious sites are created on there servers/domain/instance then I have no issue blocking there entire domain.

    Respectfully, 

     

    Badrobot

     

Reply
  • 0

    I am curious to the answer on this.

     

    One other thought, I have run into similar scenarios and have had better luck reporting the malicious link to the host provider, usually within an hour the site the link points to is down.  On the other side if they do not take it down, meaning they are looking the other way when malicious sites are created on there servers/domain/instance then I have no issue blocking there entire domain.

    Respectfully, 

     

    Badrobot

     

Children
No Data
Unfiltered HTML