How can I exclude URL when blocking sites using App Rules (SonicOS 5.9.0)?

12/20/2019 13 15356

DESCRIPTION:

This article covers how to exclude a URL when blocking sites using App Rules. This article applies to SonicOS 5.9.0 and above.

RESOLUTION:

This KB articles describes how to block an HTTP site and exclude a page within the site. This KB uses the example of youtube.com and facebook.com, which are blocked but the URLs youtube.com/SonicWall and facebook.com/SonicWall are allowed.

To be able to exclude URLs within a site, a new Match Object Type, HTTP URL, has been created. When HTTP URL is selected, Match Object content must be a full URL with the hostname and the URI separated by a "/". For example, youtube.com/SonicWall. If there is no URI part in the URL, the URL must be terminated by a "/".

EXAMPLE: youtube.com/.

Match Type can be Partial, Exact, Suffix, Prefix and Regex.

NOTE: HTTP URL is only available for use in an App Rule policy with Policy Type selected as HTTP Client.

CAUTION: The following solution will not work if the traffic is over HTTPS unless DPI-SSL is enabled. DPI-SSL is license-based feature available in NSA 220 and above.

Create Match Object for sites to be blocked

1. Login to the SonicWall management GUI.
2. Navigate to the Firewall | Match Objects page.
3. Click Add New Match Object to open the Add/Edit Match Object window.
4. Enter a name for the match object.
5. Select HTTP Host under Match Object Type.
6. Select Match Type as Partial.
7. Set Input Representation as Alphanumeric.
   

Create Match Object for URLs to be excluded

1. Click Add New Match Object again to open the Add/Edit Match Object window.
2. Enter a name for the match object.
3. Select HTTP URL under Match Object Type.
4. Select Match Type as Partial.
5. Set Input Representation as Alphanumeric.
6. Under Content, enter the full URL of the page you want excluded. In this example youtube.com/SonicWall and facebook.com/SonicWall.
7. Click Add after each entry.
8. Click OK .
   

Create App Rules policy

1. Navigate to the Firewall | App Rules page.
2. Enable the check-box Enable App Rules.
3. Click   Add New Policy button to open the Edit App Control Policy window.
4. Enter the following information and click OK.
   

Testing

Now try to access youtube.com/SonicWall or facebook.com/SonicWall and access will be allowed.