Regular expression to block url that contains keyword

Hi,

I would like to set up something so that I can block the YouTube query where part of it contains a specific keyword.

I am currently not decrypting https traffic and I don't know how I can do that. Will it be possible to block YouTube queries for some keywords, since YouTube is https?

I also would like to know how I can enable decryption of https traffic and what advantage I would get from it. As soon as I enable it, I start getting certificate errors for all sites which are https.

I added the certificate, based on the instructions provided, on one of my computers, but I can't add it to my other devices like Google Home and Android phones. I hope I don't need an actual domain and SSL certificate to achieve it.

 

Thanks



  • ^https://www\.youtube\.com/results\?search_query=.*keyword

    should do it, Andy, but I'm not certain that it can be done without decrypting, so please share your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
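
Added example (not part of the thread and not Sophos code): a simplified model of what a URL-filtering proxy can match on with and without HTTPS decryption, and of why the `?` before `search_query` has to be escaped. The sample URL and the `visible_url` / `is_blocked` helpers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample request; "keyword" is the placeholder used in the thread.
FULL_URL = "https://www.youtube.com/results?search_query=some+keyword+here"

# "?" unescaped: it makes the preceding "s" optional instead of matching "?".
UNESCAPED = r"^https://www.youtube.com/results?search_query=.*keyword"
# "?" and "." escaped so they match literally.
ESCAPED = r"^https://www\.youtube\.com/results\?search_query=.*keyword"


def visible_url(url: str, decrypted: bool) -> str:
    """Return the part of an HTTPS request a filtering proxy can inspect.

    Simplified model (assumption): without TLS interception only the host
    name is known (from CONNECT or SNI); path and query stay encrypted.
    """
    if decrypted:
        return url
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}/"


def is_blocked(pattern: str, url: str, decrypted: bool) -> bool:
    """True if the blacklist regex matches what the proxy can see."""
    return re.search(pattern, visible_url(url, decrypted)) is not None


if __name__ == "__main__":
    for name, pat in (("unescaped", UNESCAPED), ("escaped", ESCAPED)):
        for decrypted in (False, True):
            hit = is_blocked(pat, FULL_URL, decrypted)
            print(f"{name:9} decrypt={decrypted!s:5} blocked={hit}")
```

Only the escaped pattern combined with decryption blocks the search; every other combination lets it through.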
  • Bob,

    our assumption is correct. Without "Decrypt and scan" enabled, it is not even touching the https sites, not even URLs. The regular expression to check the URL contents is also not working.

    Now biggest question is: how can I enable decrypt and scan for https?

    Here is what I did so far:

    I now have a valid domain name pointing to my IP

    I have a valid ssl certificate for my domain from sslforfree and letsencrypt

    In Web Server protection --> Certificate management, I uploaded my PKCS#12 (Cert + CA)

    In management --> https certificate, I selected the certificate that I imported.

    In Web Protection --> Filtering Options --> HTTPS CAs, I uploaded my sslforfree certificate, and now it shows mysite.org proxy CA

    I still get the https error "your connection is not private"

    I also want to mention that I have devices like Android phones, tablets, Google Home and a smart TV where I can't import any certificate (I probably can import a certificate on Android browsers, but a lot of other https web services would fail, e.g. the Google Play web service).

    I really would like to "Decrypt and scan" my https traffic throughout my home because most of the traffic is through https tunnel these days and without that, having UTM is mostly useless.

    Thanks

    Andy

     

  • It's not Webserver Protection that you want, Andy.  Just go to the 'HTTPS CAs' tab in 'Web Protection >> Filtering Options' where you can download and install the Proxy CA.

    For the IoT devices, assign them fixed IPs and have the Proxy skip those sources.  For the phones and tablets, you should be able to install the CA.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    Thanks for your response. I did as you mentioned and it seems to be working just fine.

    I in fact don't have to buy my own domain and also ssl for it. It was a waste of money for me.

    I just created a unique host in System Settings --> Organizational and provided a unique host name

    Regenerate certificate in Filtering options --> Https CAs

    Download the certificate

    and then install the certificate on each user computer, and it works like a charm.

     

    Now the only problem I see here is: https://192.168.2.100:4444 started throwing me the invalid certificate error. How to trust it?

    Also, how can I exclude IoT devices? Can you please explain it to me in a little detail?

    Thanks

    Andy

  • One of the unwritten rules here, Andy, is "one topic per thread" - that's to make it easier for future members to find an answer to their question without starting a new thread that's already been answered.  Please ask your last two questions in separate threads with appropriate titles in the General Discussion forum.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA