Blocking IP websites

jst3751

I am trying to block users on the LAN from accessing websites on the WAN that are IP based on a NSA 2600 6.5.4.6-79n

Example: http://10.10.10.123/blahblahblah

I have created a match object: Object type: HTTP URL; Match type: Regex Match; Input: Alphanumeric; Content "https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.*" (without the quotes)

I have created an App Rule: Policy type: HTTP Client Request; Match Object: above object; Action Object: Blocked HTTP; ANY ANY ANY; To Service: (2 rules one for HTTP and one for HTTPS); Direction: LAN>WAN

The rules are not catching anything.

Any help-suggestions appreciated.

Saravanan

Hi @JST3751,

Welcome to SonicWall Community.

Looks like you wanna block the websites based on their IP addresses. If yes, please use firewall access rule feature in the SonicWall for this purpose/requirement. Please take a look at the below KB article for reference and follow the same logic.

https://www.sonicwall.com/support/knowledge-base/using-firewall-access-rules-to-block-incoming-and-outgoing-traffic/170503532387172/#:~:text=Network%20access%20rules%20take%20precedence,allowing%20this%20type%20of%20traffic.

Hope this helps. Let us know how it goes.

jst3751

https://community.sonicwall.com/technology-and-support/discussion/comment/4439#Comment_4439

No sorry that does not help. I know very well how to create address objects and so forth. That is a manual process to be added AFTER THE FACT.

I need to be able to block users from accessing IP Based websites at the time of attempt, not later.

Saravanan

Hi @jst3751,

Got your situation. So, you are looking to block IP address based URL. Could you confirm this? I can provide suggestions accordingly.

jst3751

https://community.sonicwall.com/technology-and-support/discussion/comment/4441#Comment_4441

Yes, that is what I am trying to do. So for example a user does a Google search for widgets, and on of the websites is actually http://10.10.10.10/default.htm I want to be able to block that.

jst3751

I also find it funny that I am labeld as a NEWBIE. I have been working with Sonicwall firewalls since the days of SOHO2 SOHO3, TELE3 and PRO100. I was an active member of the original Sonicwall Forum as well as the third party Sonicwall forums. I as an active member when Sonicwall changed to a new forum software and had to recreate the account their. I was then a member of the Dell Sonicwall community when Dell bought Sonicwall.

Nat

Hi @jst3751

Multiple issues:

1. I think you should try HTTP host on match object as you are trying to block host IP not the URL/URI part.
2. You should try with HTTP access, as long as you dont have DPI-SSL enabled, I don't think firewall can block HTTPS access.
3. You dont need the https:// or http:// on the match object.

https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-match_objects/Content/Match_Objects_Match_Objects/match-objects-regular-expression-syntax.htm/

jst3751

The Regex expression you listed is not usable, as it is extremely wide open, meaning it catches things such as http://www.google.com/mysearch/6225432.5245235234.5254325.54252.542522

The reason I had originally configured it with https? was to prevent the above.

There is no such "HTTP Access" on a NSA2600 6.5.4.6-79n.

Here is what I have now, and it is not working:

MasterRoshi

@jst3751, your regex "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" is fine, it works for me.

Your problem is either you don't have app control enabled, or enabled on the zone or you are making a request via HTTPS when you have selected HTTP in your rule as the service.

jst3751

Sorry for the long delay. Other things have been keeping me busy.

The HTTP service rule is working as intended. The problem is HTTPS is not catching anything. Below is the HTTPS rule which is not catching anything. The comparable HTTP rule is catching.

So I tried changing to a custom rule and THAT is not working either.

Here is the custom match object