Setting up policy. From block all, to allow specific sites but filter them

Geia sou, Nikos, and welcome to the UTM Community!

Start with Configuring HTTP/S proxy access with AD SSO which also works with Transparent mode.  The things you want to do should be straightforward for a person that's installed several sites with WebAdmin.

To get good help here, one must ask questions that are more specific.  Show us an example of several URLs that you want to allow and related ones you want to block.  That will allow folks to see what approach should work best for you.

Cheers - Bob

Dear Bob,

Thanks for your reply.

I have already read and tried the instructions provided. Although it did not worked for me, I have opened a ticket to Sophos Support Team and expecting a reply. Since although i have successfully configured and the AD Integration and passed both tests. It is not possible to receive the Domain Users list.

Despite that, I will try to explain what we are trying to implement in our environment.

I want to create a group with Users named "FloorA".
The FloorA users should only have access to specific webpages. e.g embarcadero.com and all the subdomains.

But i do not want to be able to login or register to the website or to their forums. Thus i want to block access to specific urls e.g. 

https://community.embarcadero.com/login?return=aHR0cHM6Ly9jb21tdW5pdHkuZW1iYXJjYWRlcm8uY29tL2ZvcnVt

https://community.embarcadero.com/registration-form

By using the expression ^https?:\/\/([A-Za-z0-9.-]*\.)?embarcadero.com\/(registration|login)([A-Za-z0-9.?=-]*)? which in theory complies to our needs i can capture the websites.

The issue here is how to force the Web Filter to firstly block and then allow the rest of the same domain.
I tried to create a policy where i would allow a specific site and block the expression without luck.
Created a policy where it would allow the specific websites and another higher policy which blocks with the expression above, again no luck.

 In the future we want to make one policy with many expressions that could block urls which include words like login, register, authenticate, account

Any suggestions?

Thanks in advance.

Note 2017-03-16: this doesn't do what I wanted.

What happens if you block everything and make an Exception for the following?

 ^https?://([A-Za-z0-9.-]*\.)?embarcadero\.com/((?!(registration|login)).)*$

Cheers - Bob

This expression will allow again access to the whole domain if included in the Exception list and disable URL filter.

If i do not select URL Filtering the default block all policy will apply.

Still this not a solution or i am missing something.

What i have done on another Proxy web filtering utility is the following:

I have created a policy which allow the domain and any subdomain that we desire for employees to have access. Policy list position number set to 2

I have created another policy which blocks specific URLs or by using a wildcard, blocking pages starting with a URL. Policy list position number set to 1

I have created a default policy to block all traffic. Policy list position number set to 3.

By using the above configuration we have managed to block users from accessing specific webpages in an allowed domain and want to do the same exact result via Sophos UTM v9 thus to migrate. The example above was provided in order to provide details in what we want to accomplish.

Thanks in advance for your effort and time.

This expression will allow again access to the whole domain if included in the Exception list and disable URL filter.

If i do not select URL Filtering the default block all policy will apply.

Still this not a solution or i am missing something.

What i have done on another Proxy web filtering utility is the following:

I have created a policy which allow the domain and any subdomain that we desire for employees to have access. Policy list position number set to 2

I have created another policy which blocks specific URLs or by using a wildcard, blocking pages starting with a URL. Policy list position number set to 1

I have created a default policy to block all traffic. Policy list position number set to 3.

By using the above configuration we have managed to block users from accessing specific webpages in an allowed domain and want to do the same exact result via Sophos UTM v9 thus to migrate. The example above was provided in order to provide details in what we want to accomplish.

Thanks in advance for your effort and time.

I'm not 100% confident in my REGEX Kung Fu, but that should allow only URLs that don't include registration or login.  Registration and login URLs should not be included in the Exception using that expression.

Cheers - Bob

Dear Bob thank you for your time and effort.

I appreciate your replies and i am thankful for your time.

Using exclude in order to allow websites with expressions is not optimal for me.
There are many expressions that should be created, and might break something that could at the end let the users to have access to unwanted webpages.
So this makes it unfriendly for use and not possible to train my colleagues how to use if required.

I would like to avoid using expressions and block specific webpages, but in most cases the URL is dynamic.

Thus it is not possible to block without expressions and since wildcards does not apply.

I will try to contact the Support Team regarding this issue, despite that i have 1 week now a reported simpler issue without a fix.

If we do not find a solution then sadly will not implement Sophos UTM to our environment.

Any other ideas or suggestions would be appreciated, i do not want to give up that easily.

Thanks in advance.

Hi Nikos,

I think the best solution for your requirement is to work with tags. Please try following solution.

Step 1:

Go to Web Protection / Filtering Options / Websites and create a new site.

type community.embarcadero.com as domain

create a new Website Tag "Allowed Websites"

save

create new site

type community.embarcadero.com/login and community.embarcadero.com/registration-form

create a new Website Tag "Login and Registration"

save

Step 2:

Create a Filter Action that blocks all

Edit the Filter Action and switch to Websites

Add under "Control sites tagged in the Website List" the two new Website Tags

For the Login and Registration Tag choose Block and for the Allowed Websites Tag choose Allow

Is this what you need?

Regards

mod

I like this answer.  I tested my suggested REGEX and it doesn't work!

Cheers - Bob

I will test and provide a feedback, due to didn't have time to test today.

Thanks for your reply.

I know, this is working. I've tested it by myself ;)

vg

mod

Sadly it does not work for me.

Please find attached my configuration if it is helpful. Although I am allowed to access

community.embarcadero.com

I am also allowed to access 

https://community.embarcadero.com/login?return=aHR0cHM6Ly9jb21tdW5pdHkuZW1iYXJjYWRlcm8uY29tLw==

and

https://community.embarcadero.com/registration-form

I do not have access to any other website e.g. https://www.embarcadero.com/ which is the desired.

Maybe I am doing something wrong?

Thanks in advance for your time.

I did not manage to make it work.
A reply with screenshots of my configuration will be provided soon, as soon as my appeal be reviewed by admins.

Hi Nikos,

that's very strange. Today I've the same issues like you. I've also tested some regex. Sometimes it's working and sometimes not. That looks like a Bug. I've created an url filter exception with some different regex. Sometimes its working and sometimes not. I've no more Idea at the moment.

regards

mod