Allowed URI and Forbidden URI in SonicWall Content Filter Service (CFS)
12/20/2019 652 44137
The Allowed Domains and Forbidden Domains feature has been enhanced and is called Allowed URI and Forbidden URI. Where Allowed and Forbidden Domains feature blocked or allowed connections to websites based on their domain names, the new feature blocks entire URIs. With this enhancement, specific resources within a website can be blocked or allowed.
NOTE: While performing tests to confirm the Allow/Forbidden URI, it is recommended to log out of the firewall or have another device to test with.
The Allowed/Forbidden URI objects can be found under Manage | Objects | Content Filter Objects | URI List Objects:
The following examples illustrate the difference in both features:
The Maximum number of characters allowed in a URI is 79.
CFS does a partial match of entries with the URI accessed.
EXAMPLE: The entry google.com will match www.google.com; www.nybooks.com/issues/ will match www.nybooks.com/issues//2014/dec/18/, but www.nybooks.com/issues/ will not match www.nybooks.com.
With HTTPS Content Filtering option checked, websites accessed over HTTPS will be blocked (as in earlier versions) based on Client Hello and Certificate messages. Therefore, the URI will not be blocked or allowed
To block URI of a website accessed over HTTPS requires DPI-SSL client Inspection