How to block pages within a website (e.g. Facebook.com) using Regular Expressions (Regex)

Resolution

Suppose you have to block a user's page within Facebook. The page must not be reachable either by entering facebook.com/user.name or through the search facility within Facebook. This applies not only to the user's main landing page: Photos, About, Timeline, etc. must also be unavailable for viewing. To achieve this, we use the SonicWall Regular Expression (Regex) library in App Rules with Match Object type URL.

In this article, we use the following examples to block specific pages within websites:

To block all access to a user's page in Facebook, use:

(www\.)?facebook\.com/(pages/)?foo(-|\.)?bar(-|\.)?networks((/|\?)([\d\D]*))?

This regex will block access to the following pages:

www.facebook.com/pages/foo-bar-networks/111329968892694
www.facebook.com/pages/foo-bar-networks/111329968892694?fref=ts
www.facebook.com/pages/foo-bar-networks/111329968892694/about?fref=ts
www.facebook.com/foobarnetworks
www.facebook.com/foobarnetworks/Photos
www.facebook.com/foobarnetworks?fref=ts
www.facebook.com/foo.bar.networks/98230982389


You could modify the regex according to your requirements.
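
As an added example (not part of the original article and not SonicWall code), the Python script below builds the expression for a given page name and checks it against the URLs listed above plus a few constructed ones before the rule is deployed. Assumptions: Python's re module with an unanchored search stands in for the SonicWall regex engine, which may behave differently; build_block_regex, matches and report are hypothetical helper names, and the allow and lookalike URLs are constructed samples.

```python
import re

def build_block_regex(name_parts):
    """Build the article's pattern for a page name given as its word parts."""
    # An optional '-' or '.' may separate the parts, as in foo-bar-networks.
    name = r"(-|\.)?".join(re.escape(p) for p in name_parts)
    return r"(www\.)?facebook\.com/(pages/)?" + name + r"((/|\?)([\d\D]*))?"

def matches(pattern, urls):
    """Return the URLs the pattern hits, using an unanchored search (assumption)."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.search(u)]

# URLs the article lists as blocked.
SHOULD_BLOCK = [
    "www.facebook.com/pages/foo-bar-networks/111329968892694",
    "www.facebook.com/pages/foo-bar-networks/111329968892694?fref=ts",
    "www.facebook.com/pages/foo-bar-networks/111329968892694/about?fref=ts",
    "www.facebook.com/foobarnetworks",
    "www.facebook.com/foobarnetworks/Photos",
    "www.facebook.com/foobarnetworks?fref=ts",
    "www.facebook.com/foo.bar.networks/98230982389",
]
# Constructed URLs the rule should leave alone.
SHOULD_ALLOW = [
    "www.facebook.com/",
    "www.facebook.com/pages/other-page/123",
    "www.facebook.com/foobar",
    "www.example.com/foobarnetworks",
]
# Constructed: a different page whose name only starts with the blocked name.
LOOKALIKE = ["www.facebook.com/foobarnetworksfanclub"]

def report(name_parts):
    """Summarise misses, false blocks and over-blocking for one page name."""
    pattern = build_block_regex(name_parts)
    return {
        "pattern": pattern,
        "missed": sorted(set(SHOULD_BLOCK) - set(matches(pattern, SHOULD_BLOCK))),
        "false_blocks": matches(pattern, SHOULD_ALLOW),
        "also_blocked": matches(pattern, LOOKALIKE),
    }

if __name__ == "__main__":
    for key, value in report(["foo", "bar", "networks"]).items():
        print(key, value)
```

The also_blocked entry shows that, under a substring search, the rule also catches a page whose name merely begins with the blocked name, so review the Match Object for over-blocking before enabling the policy.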


Note:

If a website is accessed over HTTPS (facebook.com is always served over HTTPS by default), DPI-SSL Client Inspection needs to be enabled and the checkbox under Application Firewall must be checked.


Procedure:
 

Create Match Object for URLs to be blocked

1.   Log in to the management interface of the SonicWall UTM appliance.
2.   Navigate to the Firewall | Match Objects page.
3.   Click on Add New Match Object to open the Add/Edit Match Object window.
4.   Enter a name for the match object. For example, Facebook Users.
5.   Select HTTP URL under Match Object Type.
6.   Select Match Type as Regex.
7.   Set Input Representation as Alphanumeric.
8.   Under Content, enter the regular expression: (www\.)?facebook\.com/(pages/)?foo(-|\.)?bar(-|\.)?networks((/|\?)([\d\D]*))?
Note: Replace "foobar networks" with the username you want to block.
9.   Click on Add after each entry.
10. Click on OK to save.


Create App Rules policy


1. Navigate to the Firewall | App Rules page.
2. Select the Enable App Rules check box.
3. Click on the Add New Policy button to open the Edit App Control Policy window.
4. Set the App Rules policy with the following values:

  • Policy Name: Block Facebook Users (or any name)
  • Policy Type: HTTP Client
  • Source: Any
  • Destination: Any
  • Address: Any (These are IP addresses to be included)
  • Service: Source Any
  • Service: Destination HTTP
  • Exclusion Address: None
  • Match Object: Included: Set the HTTP URL Match Object with regex content created earlier - Facebook Users
  • Match Object: Excluded: None (This is for setting excluded URLs)
  • Action Object: Reset/Drop
  • Users/Groups: Included: All
  • Users/Groups: Excluded: None
  • Schedule: Always on
  • Enable flow reporting: check or uncheck
  • Enable Logging: Enabled by default
  • Log individual object content: Enable check box (recommended)
  • Log Redundancy Filter (seconds): Use Global Settings
  • Connection Side: Client Side
  • Direction: Both

5. Click on OK to create this policy.


Testing:

From a host behind the SonicWall, try to access a user's page in facebook.com. When the request is blocked, the webpage will fail to load and log messages will be generated in the SonicWall logs.