- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How can I exclude URL when blocking sites using App Rules (SonicOS 5.9.0)?
12/20/2019 
20 People found this article helpful
124,195 Views
Description
This article covers how to exclude a URL when blocking sites using App Rules. This article applies to SonicOS 5.9.0 and above.
Resolution
This KB articles describes how to block an HTTP site and exclude a page within the site. This KB uses the example of youtube.com and facebook.com, which are blocked but the URLs youtube.com/SonicWall and facebook.com/SonicWall are allowed.
To be able to exclude URLs within a site, a new Match Object Type, HTTP URL, has been created. When HTTP URL is selected, Match Object content must be a full URL with the hostname and the URI separated by a "/". For example, youtube.com/SonicWall. If there is no URI part in the URL, the URL must be terminated by a "/".
EXAMPLE: youtube.com/.
Match Type can be Partial, Exact, Suffix, Prefix and Regex.
NOTE: HTTP URL is only available for use in an App Rule policy with Policy Type selected as HTTP Client.
CAUTION: The following solution will not work if the traffic is over HTTPS unless DPI-SSL is enabled. DPI-SSL is license-based feature available in NSA 220 and above.
Create Match Object for sites to be blocked
- Login to the SonicWall management GUI.
- Navigate to the Firewall | Match Objects page.
- Click Add New Match Object to open the Add/Edit Match Object window.
- Enter a name for the match object.
- Select HTTP Host under Match Object Type.
- Select Match Type as Partial.
- Set Input Representation as Alphanumeric.
Create Match Object for URLs to be excluded
- Click Add New Match Object again to open the Add/Edit Match Object window.
- Enter a name for the match object.
- Select HTTP URL under Match Object Type.
- Select Match Type as Partial.
- Set Input Representation as Alphanumeric.
- Under Content, enter the full URL of the page you want excluded. In this example youtube.com/SonicWall and facebook.com/SonicWall.
- Click Add after each entry.
- Click OK .
Create App Rules policy
- Navigate to the Firewall | App Rules page.
- Enable the check-box Enable App Rules.
- Click Add New Policy button to open the Edit App Control Policy window.
- Enter the following information and click OK.
Testing
Now try to access youtube.com/SonicWall or facebook.com/SonicWall and access will be allowed.
Related Articles
- How can I enable multicast support?
- Accessing resources across network using Point to Point link
- Unable to access the junk summary URL using TCP port 10080
Categories
- Firewalls > NSa Series > Application Firewall
- Firewalls > NSv Series > Application Firewall
- Firewalls > TZ Series > Application Firewall
YES
NO