What's the simplest way to block a Top-Level-Domain (*.ru/* for example )in web protection?

I know this works in UTM hoping XG

https?://[A-Za-z0-9.-]*\.ru/

or

http?://[A-Za-z0-9.-]*\.ru/

You can also use country blocking, you may be aware but figure I would mention it.

I have some regex options but not sure where they would go in the XG to apply to any rules.

Hello

You can use those regex for allowing on XG at Web > Exceptions but for blocking a top level domain you can use firewall rules

Action Drop

From Lan to Wan

From Any to FQDN Host - *.ru

Log if you want.

There are some other options like creating url groups, or web categories -Need to write all domains and subdomains in this- but i always prefer Firewall Rule for this.

Trying to add a FQDN Host for "*.ru" (no quotes) but it won't allow it, showing this:

You must enter a valid value for FQDN

Badrobot said:

 https?://[A-Za-z0-9.-]*\.ru/

http?://[A-Za-z0-9.-]*\.ru/

If working with this REGEX Snippets, then the pattern for an URL with Path behind should be added as well (for Example mydomain.ru/mypage/index.php wouldnt be affected by this REGEX Snippets above). Afterwards this Regex Snippet can be used to create an URL Group that afterwards can be used in Webfilter Policy.

By the way... Why do you want to block all *.ru pages? not all of those are bad... I don't se a usecase for something like this :-S

Please try adding one of those snippets in a URL Group entry. The Sophos won't accept it: You must enter a valid domain name

Some TLDs simply aren't hosting anything that would be needed in our line of business. If that changes we have a process for whitelisting.

Good Point, I have been playing around with it, https://regex101.com/r/UPBMbG/1/tests  has a nice engine for testing if anyone is interested.

Since we are not really trying to block a TLD but a domain suffix I wonder if this would work 

[.](ru)

Have not tested it though.

It does not. It simply won't accept regex entries.

Custom categories and URL Groups do not support RegEx.

See here for more details:

https://community.sophos.com/kb/en-us/127270

I'm not 100% sure but I believe a URL Group just containing "ru" will do it.

FQDN Host objects appear to not like a top level domain.

You should also consider country blocking (uses GeoIP).  Set the Destination Zone to WAN and the Destination Network to Russian Federation.  This will block anything hosted in Russia but not .ru sites that are hosted elsewhere.

Hmm, maybe you nailed it. "ru" is accepted and seems to block "mail.ru" but not "rushlimbaugh.com" so maybe that will do the trick. Thanks!