Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 1 subscriber
  • Views 5550 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I want to TOTALLY BLOCK some sites by DNS name

predatorsw
It's not particularly obvious how to do this.

My first problem is somehow I have trojans and malware that can pull through the http firewall. OK, they may have some way of getting in, patterns weren't updated, blah blah blah. I can deal with that. I'm not happy, but I can deal.

My second problem is I can't specifically block sites like "doubleclick.com." Well, I may be able to but there's not a particularly obvious way of doing it.

I want to totally block sites by DNS name. PERMANENTLY. FOREVER. How exactly do I do that?


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to AMros
    Is the use of wildcards supported whitelists/blacklists?
    Example:
    http://*.avast.com
  • 0 in reply to JimmyM
    in V6 u have to use regular expressions
    in V7 u can type in domains

    generally u can use wildcards, but careful: Astaro stops after wildcard, so your example means "Any" - avast.* might be o.k. for avast.com, avast.de etc...

    rgds, andre
  • 0 in reply to AMros
    just type avast.com for blocking avast.com domain or use avast. to block all avast domains.

    Greets
    andi
  • 0 in reply to aglauser
    So in the "Always allow" section, I would type "avast.com". Not "http://*.avast.com"
  • 0 in reply to AMros
    Predatorsw, it's easy to do what you want in Astaro, but we can't help you without knowing what version you're using and what Proxies you have configured (HTTP and/or FTP).

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to JimmyM
    That is correct, JimmyM, and that also covers all subdomains like 'mail.avast.com'.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Sorry, I'm running the latest and greatest, v7.

    Where is this blacklist stuff? I was digging through http proxy. Apparently this is the wrong spot?

    I ran through the menu again and don't see "blacklist" anywhere except smtp...
  • 0 in reply to predatorsw
    It's in the HTTP Proxy under the register "Content Filter". On the right hand side you have two boxes, one for the whitelist the other for the blacklist.

    Cheers
    Andi
  • 0 in reply to predatorsw
    'Web Security >> HTTP'
    'Content Filter' tab
    'Additional URLs/sites to block'

    Cheers - Bob
    PS If Trojans and other malwares are getting past the Astaro, I wonder if you haven't added a packet filter rule that's letting things bypass the HTTP Proxy.  What are your Packet Filter rules?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Sweet! Thanks guys!

    Of course when I show my packet filter settings everyone is going to smack their heads and say "you idiot!" but here goes...

     1 Any  ->  FTPWebServer_External
          FTP 
        
     2 Any ->   FTPWebServer_External 
         HTTPS 
     
     3 Any ->   FTPWebServer_External 
         HTTP 
        
     4 Any ->    ServerExch2 
         HTTP 
     
     5 Any ->    ServerExch  
         POP3 
     
     6 DMZ (Network)  ->  Any 
         Any 
     
     7 Internal (Network) ->  Any 
        Any 
     
     8 VPN Pool (L2TP) ->  Any 
        Any

    With these settings I've been stopped when going to known malware sites, so I *thought* they were OK?