How to block pages within a website (eg. Facebook.com) using Regular Expressions (Regex)

03/26/2020 14 People found this article helpful 484,994 Views

Description

Resolution

Let us say you have to block a user's page within Facebook. The page mustn't be available either by entering facebook.com/user.name nor from the search facility within Facebook and not only the main landing page of the user, but even Photos, About, Timeline etc. should not be available for viewing. To achieve this, we use the SonicWall Regular Expression (Regex) library in App Rules with Match Object type URL.

In this article, we use the following examples to block specific pages within websites:

To block all access to a user's page in Facebook, use

(www.)?facebook.com/(pages/)?foo(-|.)?bar(-|.)?networks((/|?)([dD]*))?

This regex will block access to the following pages

www.facebook.com/pages/foo-bar-networks/111329968892694

www.facebook.com/pages/foo-bar-networks/111329968892694?fref=ts

www.facebook.com/pages/foo-bar-networks/111329968892694/about?fref=ts

www.facebook.com/foobarnetworks

www.facebook.com/foobarnetworks/Photos

www.facebook.com/foobarnetworks?fref=ts

www.facebook.com/foo.bar.networks/98230982389

You could modify the regex according to your requirements.

Note:

If a website is accessed over HTTPS - in the case of facebook.com it is always over HTTPS by default - DPI-SSL Client Inspection needs to be enabled and the checkbox under Application Firewall must be checked.

Procedure:

Create Match Object for URLs to be blocked

1. Login to the management interface of the SonicWall UTM appliance
2. Navigate to the Firewall | Match Objects page.
3. Click on Add New Match Object to open the Add/Edit Match Object window.
4. Enter a name for the match object. For example, Facebook Users
5. Select HTTP URL under Match Object Type
6. Select Match Type as Regex
7. Set Input Representation as Alphanumeric
8. Under Content , enter the regular expression - (www.)?facebook.com/(pages/)?foo(-|.)?bar(-|.)?networks((/|?)([dD]*))?

Note: Replace "foobar networks" with the username you want to block

9. Click on Add after each entry.
10. Click on OK to save.

Create App Rules policy

1. Navigate to the Firewall | App Rules page.
2. Enable the check-box Enable App Rules.
3. Click on the Add New Policy button to open the Edit App Control Policy window.
4. Set the App Rules policy with the following values:

Policy Name: Block Facebook Users (or any name)
Policy Type: HTTP Client
Source: Any
Destination: Any
Address: Any (These are IP addresses to be included)
Service: Source Any
Service: Destination HTTP
Exclusion Address: None
Match Object:Included: Set the HTTP URL Match Object with regex content created earlier - Facebook Users
Match Object:Excluded: None (This is for setting excluded URLs)
Action Object: Reset/Drop
Users/Groups: Included: All
Users/Groups: Excluded: None
Schedule: Alway on
Enable flow reporting: check or uncheck
Enable Logging: Enabled by default
Log individual object content: Enable check box (recommended)
Log Redundancy Filter (seconds): Use Global Settings
Connection Side: Client Side
Direction: Both

5. Click on OK to create this policy.

Testing:

From a host behind the SonicWall, try to access a user's page in facebook.com. When the request is blocked the webpage will fail to load and the following log messages will be generated in the SonicWall logs.