Blocking IP websites

jst3751 · October 2020

I am trying to block users on the LAN from accessing websites on the WAN that are IP based on a NSA 2600 6.5.4.6-79n

Example: http://10.10.10.123/blahblahblah

I have created a match object: Object type: HTTP URL; Match type: Regex Match; Input: Alphanumeric; Content "https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.*" (without the quotes)

I have created an App Rule: Policy type: HTTP Client Request; Match Object: above object; Action Object: Blocked HTTP; ANY ANY ANY; To Service: (2 rules one for HTTP and one for HTTPS); Direction: LAN>WAN

The rules are not catching anything.

Any help-suggestions appreciated.

Saravanan · October 2020

Hi @JST3751,

Welcome to SonicWall Community.

Looks like you wanna block the websites based on their IP addresses. If yes, please use firewall access rule feature in the SonicWall for this purpose/requirement. Please take a look at the below KB article for reference and follow the same logic.

https://www.sonicwall.com/support/knowledge-base/using-firewall-access-rules-to-block-incoming-and-outgoing-traffic/170503532387172/#:~:text=Network%20access%20rules%20take%20precedence,allowing%20this%20type%20of%20traffic.

Hope this helps. Let us know how it goes.

jst3751 · October 2020

https://community.sonicwall.com/technology-and-support/discussion/comment/4439#Comment_4439

No sorry that does not help. I know very well how to create address objects and so forth. That is a manual process to be added AFTER THE FACT.

I need to be able to block users from accessing IP Based websites at the time of attempt, not later.

Saravanan · October 2020

Hi @jst3751,

Got your situation. So, you are looking to block IP address based URL. Could you confirm this? I can provide suggestions accordingly.

jst3751 · March 18

https://community.sonicwall.com/technology-and-support/discussion/comment/4441#Comment_4441

Yes, that is what I am trying to do. So for example a user does a Google search for widgets, and on of the websites is actually http://10.10.10.10/default.htm I want to be able to block that.

jst3751 · March 18

I also find it funny that I am labeld as a NEWBIE. I have been working with Sonicwall firewalls since the days of SOHO2 SOHO3, TELE3 and PRO100. I was an active member of the original Sonicwall Forum as well as the third party Sonicwall forums. I as an active member when Sonicwall changed to a new forum software and had to recreate the account their. I was then a member of the Dell Sonicwall community when Dell bought Sonicwall.

Nat · March 19

Hi @jst3751

Multiple issues:

I think you should try HTTP host on match object as you are trying to block host IP not the URL/URI part.
You should try with HTTP access, as long as you dont have DPI-SSL enabled, I don't think firewall can block HTTPS access.
You dont need the https:// or http:// on the match object.

https://www.sonicwall.com/support/technical-documentation/docs/sonicos-7-0-0-0-match_objects/Content/Match_Objects_Match_Objects/match-objects-regular-expression-syntax.htm/

jst3751 · March 19

The Regex expression you listed is not usable, as it is extremely wide open, meaning it catches things such as http://www.google.com/mysearch/6225432.5245235234.5254325.54252.542522

The reason I had originally configured it with https? was to prevent the above.

There is no such "HTTP Access" on a NSA2600 6.5.4.6-79n.

Here is what I have now, and it is not working:

MasterRoshi · March 20

@jst3751, your regex "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" is fine, it works for me.

Your problem is either you don't have app control enabled, or enabled on the zone or you are making a request via HTTPS when you have selected HTTP in your rule as the service.

Join the Conversation

Blocking IP websites

Answers