Block all URLs, allow only a few
Block all URLs, allow only a few
Hello :)
Is there a way to block all URLs using URL filtering, then only allowing a select few?
I have tried to deny *.* or * in one rule - then allow *.google.com in another rule, this is not working though.
Can this even be done?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
You should set the allow rule in front, and then the deny rule. ACL rules will take effect in turn from top to bottom.
- Copy Link
- Report Inappropriate Content
You have any insight in the URL Filtering setting? It's not the ACL I'm trying to configure, but it's looking like I may need to switch to the ACL
- Copy Link
- Report Inappropriate Content
What devices do you have? And what's your topology and purpose?
- Copy Link
- Report Inappropriate Content
I'm working with a split network that is used by many different businesses in a shared building environment.
Split by subnets; Business 1 = 192.168.1.1++, Business 2 = 192.168.2.1++
I've been asked by one of the businesses to lock down all internet traffic of some front line workers that are limited to the use of one webapp.
The network is a complete Omada network. From the Wifi access points, switches and router. Also containing a cloud controller.
- Copy Link
- Report Inappropriate Content
I would recommend doing this via an ACL
I have some services and ports blocked via ACL and it works fine :)
Under Settings Profiles, create a new group > IP group and add port 80, 443
Under Network Security create a new ACL (switch recommended if you have VLANs) and do a 2 way deny between the IP group and the Network you want.
Set this ACL policy higher than anything else similar, especially any Allow Policies.
This should stop all HTTP and HTTPs traffic, add other ports as you feel for SMTP, POP, IMAP etc..
Example below I've blocked access to the Gateway Web interface access for Guests and IOT
- Copy Link
- Report Inappropriate Content
Sorry misread that and didnt realise you wanted some URLs accessible. In that case use the URL filter as mentioned :)
- Copy Link
- Report Inappropriate Content
Sorry my mistake. URL filtering is also the same. It will also take effect in turn. So just go to set the allow rule in front, and then the deny rule in second. For the deny rule, you just need to set one *, no need for *.*.
- Copy Link
- Report Inappropriate Content
Does it take a while to set after saving the setting?
I have a IP Group set up with subnet 192.168.11.0/24
Then in URL Filtering I have "Allow Google" set to permit, with the Source Type being the IP Group of 192.168.11.0/24 I created. The URL is *.google.com
This is the same setting for the deny, but I have it set to deny and the URLs to *
Would this be correct?
I have a computer on the network with the IP address of 192.168.11.10 - and it is still able to access any website.
- Copy Link
- Report Inappropriate Content
Any screenshots you can provide? You set gateway rules or EAP rules?
- Copy Link
- Report Inappropriate Content
Dear @H7FM,
H7FM wrote
Does it take a while to set after saving the setting?
I have a IP Group set up with subnet 192.168.11.0/24
Then in URL Filtering I have "Allow Google" set to permit, with the Source Type being the IP Group of 192.168.11.0/24 I created. The URL is *.google.com
This is the same setting for the deny, but I have it set to deny and the URLs to *
Would this be correct?
I have a computer on the network with the IP address of 192.168.11.10 - and it is still able to access any website.
Sorry to jump in but I'd like to check some information with you.
I believe you are configuring the URL Filtering under Gateway Rules, are your settings like the image below with Permit ahead of Deny?
How did you test whether the URL Filtering takes effect? Which websites have you tested?
If you still can access all websites, please clear the DNS cache to double-check it.
If you are using Google browser for testing, please try other browsers like Firefox and see if it makes any difference.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1670
Replies: 11
Voters 0
No one has voted for it yet.