Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Filter Bypass Issue with URL Groups

Hello.

I've come across a minor issue with the Web Filter where a user may still be able to load a webpage, even though it is 'blocked.'

Running the latest version of XG firewall (18.0.4 MR-4).

To replicate:

1. Create a URL group and add a domain, for example: example.com

2. Create a User Activity with the URL group added.

3. Create a web filter Policy, denying the above created User Activity.

4. Apply the web filter Policy to a firewall rule.

On a PC impacted by the firewall rule, load the URL with a period (.) at the end of the URL. For example: http://example.com.

Without the period at the end of the URL, the webpage is blocked (as expected). With the period, it loads in full.

One more thing, the PC points to the XG for DNS.

Is anyone else able to replicate this issue?



This thread was automatically locked due to age.
Parents Reply
  • Okay, thanks for helping out.

    Just a few more points:

    • My first thought was to just block the InvalidURL web category, but it turns out that there is no category named that which can be added to a User Activity.
    • Is it technically an invalid URL with the dot at the end? Your previous posts with the links indicate that it's actually a Fully-Qualified Domain Name.
    • This issue could be exploited by malware, as a way to bypass the web filter and communicate with a host on the Internet using HTTP.

    I look forward to your update.

Children