How can I exclude URL when blocking sites using App Rules (SonicOS 5.9.0)?
05/23/2023 26 People found this article helpful 404,599 Views
Description
This article covers how to exclude a URL when blocking sites using App Rules. This article applies to SonicOS 5.9.0 and above.
Resolution
This KB articles describes how to block an HTTP site and exclude a page within the site. This KB uses the example of youtube.com and facebook.com, which are blocked but the URLs youtube.com/SonicWall and facebook.com/SonicWall are allowed.
To be able to exclude URLs within a site, a new Match Object Type, HTTP URL, has been created. When HTTP URL is selected, Match Object content must be a full URL with the hostname and the URI separated by a "/". For example, youtube.com/SonicWall. If there is no URI part in the URL, the URL must be terminated by a "/".
EXAMPLE: youtube.com/.
Match Type can be Partial, Exact, Suffix, Prefix and Regex.
NOTE: HTTP URL is only available for use in an App Rule policy with Policy Type selected as HTTP Client.
CAUTION: The following solution will not work if the traffic is over HTTPS unless DPI-SSL is enabled. DPI-SSL is license-based feature available in NSA 220 and above.
Create Match Object for sites to be blocked
- Login to the SonicWall management GUI.
- Navigate to the Firewall | Match Objects page.
- Click Add New Match Object to open the Add/Edit Match Object window.
- Enter a name for the match object.
- Select HTTP Host under Match Object Type.
- Select Match Type as Partial.
- Set Input Representation as Alphanumeric.
Create Match Object for URLs to be excluded
- Click Add New Match Object again to open the Add/Edit Match Object window.
- Enter a name for the match object.
- Select HTTP URL under Match Object Type.
- Select Match Type as Partial.
- Set Input Representation as Alphanumeric.
- Under Content, enter the full URL of the page you want excluded. In this example youtube.com/SonicWall and facebook.com/SonicWall.
- Click Add after each entry.
- Click OK .
Create App Rules policy
- Navigate to the Firewall | App Rules page.
- Enable the check-box Enable App Rules.
- Click Add New Policy button to open the Edit App Control Policy window.
- Enter the following information and click OK.
Testing
Now try to access youtube.com/SonicWall or facebook.com/SonicWall and access will be allowed.
Related Articles
Categories
Was This Article Helpful?
YESNO