Using Application Firewall to block HTTPS sites with certificate common name (CN)
03/26/2020 1066 12736
This article describes how to block secure sites such as https://www.facebook.com using the Common Name (CN) in the certificate.
Begin with navigating to Application Firewall | Application Objects.
You will be adding what is seen in red; first you must click on “Add New Object”
When you are adding your object, name the object something that is relative to what you are blocking.
NOTE:For HTTPS sites you will need to gather the common name associated to the HTTPS site. This means you’ll need to view the certificate and gather its CN.
Make sure the application object is a custom object and the content that you associate to this object is the common name just as it’s seen on the certificate. Also the custom object match type must be an exact match. Once you have entered all appropriate information for each field click OK.
Next, add the policy. This will create the rule to enforce the object you just entered. Under the Application Firewall menu click on Policies and click “Add New Policy”.
The key fields here are as follows:
Source Service: HTTPS Application Object: FB Common Name (The object created earlier in this document) Action: Reset/Drop Connection Side: Server Side Direction: Basic/Incoming
At this point all other fields can be modified for more specified action.
If you have issues be sure to clear cache, cookies and all offline content. Close your browser and test once more.