Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 6602 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking whole Top Level Domains via Web Protection

guezt01
Hi@all,

one of our customers wishes to implement his new UTM-Proxy as follows:

Step 1: Block all requests going to Top Level Domains other than .com, .de and .pl
Step 2: Filter all requests to the allowed TLDs via UTM filtering categories

Unfortunately I have no idea how to do step one.
My first thought was a blacklist on the filter action saying "everything but .com, .de and .pl" - but I don't get it to work.

Any suggestions?


This thread was automatically locked due to age.
Parents
  • +1
    Not extensively tested: 

    ^https?://[A-Za-z0-9.-]*\.(?!com/)(?!de/)(?!pl/).{2,3}/


    Regex comments and suggestions welcome.

    Edited:
    I pulled the previously posted regex via the command line where there was an extra escape character instead of from the web interface.  The regex now has the correct number of escapes for entry via WebAdmin.
  • 0 in reply to teched_01
    Perhaps he would be interested in the GEOIP Country blocking, rather than domain name.
    Go to Network Protection, Country Blocking.  This looks at the IP to determine where it is and block all network traffic (including website visits).  However a .ru site that is hosted in Germany would appear to be German.

    If you want to do it by domain tld then it might be easiest to do a blacklist of all tlds that you don't want.  You'll then have to periodically maintain it as new tlds are added.

    ^https?://([A-Za-z0-9.-]*\.)?\.[uk|gov|edu|ru|***|info]/


    Unfortunately Country Blocking is no option because the country-tld-combination is not always nonambiguous (as you said)  [[:(]]
    I will try your regex suggestion later today - thank you so far...


    Not extensively tested: 

    ^https?://[A-Za-z0-9.-]*\.(?!com/)(?!de/)(?!pl/).{2,3}/


    Regex comments and suggestions welcome.


    Unfortunately this doesn't work - maybe I can find out why .. but right now I have no clue [[:(]]
    Thanks so far!
Reply
  • 0 in reply to teched_01
    Perhaps he would be interested in the GEOIP Country blocking, rather than domain name.
    Go to Network Protection, Country Blocking.  This looks at the IP to determine where it is and block all network traffic (including website visits).  However a .ru site that is hosted in Germany would appear to be German.

    If you want to do it by domain tld then it might be easiest to do a blacklist of all tlds that you don't want.  You'll then have to periodically maintain it as new tlds are added.

    ^https?://([A-Za-z0-9.-]*\.)?\.[uk|gov|edu|ru|***|info]/


    Unfortunately Country Blocking is no option because the country-tld-combination is not always nonambiguous (as you said)  [[:(]]
    I will try your regex suggestion later today - thank you so far...


    Not extensively tested: 

    ^https?://[A-Za-z0-9.-]*\.(?!com/)(?!de/)(?!pl/).{2,3}/


    Regex comments and suggestions welcome.


    Unfortunately this doesn't work - maybe I can find out why .. but right now I have no clue [[:(]]
    Thanks so far!
Children