Block all URLs, allow only a few

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Block all URLs, allow only a few

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Block all URLs, allow only a few
Block all URLs, allow only a few
2021-08-12 14:46:01

Hello :)

 

Is there a way to block all URLs using URL filtering, then only allowing a select few?

 

I have tried to deny *.* or * in one rule - then allow *.google.com in another rule, this is not working though.

 

Can this even be done?

  0      
  0      
#1
Options
11 Reply
Re:Block all URLs, allow only a few
2021-08-13 03:12:02

@H7FM 

 

You should set the allow rule in front, and then the deny rule. ACL rules will take effect in turn from top to bottom.

  0  
  0  
#2
Options
Re:Block all URLs, allow only a few
2021-08-13 08:25:17

@Somnus 

 

You have any insight in the URL Filtering setting? It's not the ACL I'm trying to configure, but it's looking like I may need to switch to the ACL

  0  
  0  
#3
Options
Re:Block all URLs, allow only a few
2021-08-13 08:45:25

@H7FM 

What devices do you have? And what's your topology and purpose?

  0  
  0  
#4
Options
Re:Block all URLs, allow only a few
2021-08-13 09:09:52

@Somnus 

 

I'm working with a split network that is used by many different businesses in a shared building environment.

 

Split by subnets; Business 1 = 192.168.1.1++, Business 2 = 192.168.2.1++

 

I've been asked by one of the businesses to lock down all internet traffic of some front line workers that are limited to the use of one webapp.

 

The network is a complete Omada network. From the Wifi access points, switches and router. Also containing a cloud controller.

  0  
  0  
#5
Options
Re:Block all URLs, allow only a few
2021-08-13 12:13:47

@H7FM 

 

I would recommend doing this via an ACL
 

I have some services and ports blocked via ACL and it works fine :)

 

Under Settings Profiles, create a new group > IP group and add port 80, 443

Under Network Security create a new ACL (switch recommended if you have VLANs) and do a 2 way deny between the IP group and the Network you want.

Set this ACL policy higher than anything else similar, especially any Allow Policies.

 

This should stop all HTTP and HTTPs traffic, add other ports as you feel for SMTP, POP, IMAP etc.. 

 

Example below I've blocked access to the Gateway Web interface access for Guests and IOT

 

  0  
  0  
#6
Options
Re:Block all URLs, allow only a few
2021-08-13 12:16:50

@H7FM 

 

Sorry misread that and didnt realise you wanted some URLs accessible.  In that case use the URL filter as mentioned :)

  0  
  0  
#7
Options
Re:Block all URLs, allow only a few
2021-08-16 02:40:14

@H7FM 

 

Sorry my mistake. URL filtering is also the same. It will also take effect in turn. So just go to set the allow rule in front, and then the deny rule in second. For the deny rule, you just need to set one *, no need for *.*.

  0  
  0  
#8
Options
Re:Block all URLs, allow only a few
2021-08-16 08:45:44 - last edited 2021-08-16 08:55:39

@Somnus 

 

Does it take a while to set after saving the setting?

 

I have a IP Group set up with subnet 192.168.11.0/24

 

Then in URL Filtering I have "Allow Google" set to permit, with the Source Type being the IP Group of 192.168.11.0/24 I created. The URL is *.google.com

 

 

This is the same setting for the deny, but I have it set to deny and the URLs to *

 

 

 

Would this be correct?

 

 

I have a computer on the network with the IP address of 192.168.11.10 - and it is still able to access any website.

  0  
  0  
#9
Options
Re:Block all URLs, allow only a few
2021-08-17 01:01:22 - last edited 2021-08-17 01:03:27

@H7FM 

Any screenshots you can provide? You set gateway rules or EAP rules?

  0  
  0  
#10
Options
Re:Block all URLs, allow only a few
2021-08-18 09:01:35

Dear @H7FM,

 

H7FM wrote

@Somnus 

 

Does it take a while to set after saving the setting?

I have a IP Group set up with subnet 192.168.11.0/24

Then in URL Filtering I have "Allow Google" set to permit, with the Source Type being the IP Group of 192.168.11.0/24 I created. The URL is *.google.com

This is the same setting for the deny, but I have it set to deny and the URLs to *

Would this be correct?

I have a computer on the network with the IP address of 192.168.11.10 - and it is still able to access any website.

 

Sorry to jump in but I'd like to check some information with you.

 

I believe you are configuring the URL Filtering under Gateway Rules, are your settings like the image below with Permit ahead of Deny?

 

How did you test whether the URL Filtering takes effect? Which websites have you tested?

 

If you still can access all websites, please clear the DNS cache to double-check it.

If you are using Google browser for testing, please try other browsers like Firefox and see if it makes any difference.

2022 TP-Link Wi-Fi 7 Product Launch Event | Watch the Replay at https://www.tp-link.com/us/wifi7/event/.
  0  
  0  
#11
Options