Blocking IP websites
jst3751
Newbie ✭
I am trying to block users on the LAN from accessing websites on the WAN that are IP based, on an NSA 2600 6.5.4.6-79n.
Example: http://10.10.10.123/blahblahblah
I have created a match object: Object type: HTTP URL; Match type: Regex Match; Input: Alphanumeric; Content "https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.*" (without the quotes)
I have created an App Rule: Policy type: HTTP Client Request; Match Object: above object; Action Object: Blocked HTTP; ANY ANY ANY; To Service: (2 rules one for HTTP and one for HTTPS); Direction: LAN>WAN
The rules are not catching anything.
Any help-suggestions appreciated.
Category: Mid Range Firewalls
Answers
Hi @JST3751,
Welcome to SonicWall Community.
Looks like you wanna block the websites based on their IP addresses. If yes, please use firewall access rule feature in the SonicWall for this purpose/requirement. Please take a look at the below KB article for reference and follow the same logic.
Hope this helps. Let us know how it goes.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
No sorry that does not help. I know very well how to create address objects and so forth. That is a manual process to be added AFTER THE FACT.
I need to be able to block users from accessing IP Based websites at the time of attempt, not later.
Got your situation. So, you are looking to block IP address based URL. Could you confirm this? I can provide suggestions accordingly.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Yes, that is what I am trying to do. So for example a user does a Google search for widgets, and one of the websites is actually http://10.10.10.10/default.htm. I want to be able to block that.
I also find it funny that I am labeled as a NEWBIE. I have been working with Sonicwall firewalls since the days of SOHO2, SOHO3, TELE3 and PRO100. I was an active member of the original Sonicwall Forum as well as the third party Sonicwall forums. I was an active member when Sonicwall changed to a new forum software and had to recreate the account there. I was then a member of the Dell Sonicwall community when Dell bought Sonicwall.
Hi @jst3751
Multiple issues:
The Regex expression you listed is not usable, as it is extremely wide open, meaning it catches things such as http://www.google.com/mysearch/6225432.5245235234.5254325.54252.542522
The reason I had originally configured it with https? was to prevent the above.
There is no such "HTTP Access" on a NSA2600 6.5.4.6-79n.
Here is what I have now, and it is not working:
@jst3751, your regex "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" is fine, it works for me.
Your problem is either you don't have app control enabled, or enabled on the zone or you are making a request via HTTPS when you have selected HTTP in your rule as the service.
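Added example, not part of any post in this thread: a Python comparison of the two patterns quoted above against a check that parses the URL and tests only the host. It assumes Python `re` syntax and substring (search) matching, which may differ from the firewall's regex engine; every URL on example.com and the 999.999.999.999 URL are constructed samples.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# The two patterns quoted in the thread (assumption: Python re semantics).
ANCHORED = re.compile(r"https?:\/\/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}.*")
BARE = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")


def host_is_ip_literal(url):
    """Return True only when the URL's host component is a valid IP address."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ip_address(host)  # rejects out-of-range octets such as 999
        return True
    except ValueError:
        return False


# Sample requests: the first two URLs appear in the thread, the rest are constructed.
SAMPLES = [
    "http://10.10.10.10/default.htm",
    "http://www.google.com/mysearch/6225432.5245235234.5254325.54252.542522",
    "http://www.example.com/files/report-1.2.3.4.pdf",     # dotted digits in the path
    "http://www.example.com/redirect?u=http://10.1.2.3/",  # IP URL inside a query string
    "http://999.999.999.999/",                             # not a valid IPv4 address
]


def compare(urls):
    """Map each URL to (anchored regex hit, bare regex hit, host is an IP literal)."""
    return {
        u: (bool(ANCHORED.search(u)), bool(BARE.search(u)), host_is_ip_literal(u))
        for u in urls
    }


if __name__ == "__main__":
    for url, (anchored, bare, strict) in compare(SAMPLES).items():
        print(f"anchored={anchored!s:5} bare={bare!s:5} host_is_ip={strict!s:5} {url}")
```

Rows where the three columns disagree are the requests a regex rule would block or log even though the destination host is not an IP address.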
Sorry for the long delay. Other things have been keeping me busy.
The HTTP service rule is working as intended. The problem is HTTPS is not catching anything. Below is the HTTPS rule which is not catching anything. The comparable HTTP rule is catching.
So I tried changing to a custom rule and THAT is not working either.
Here is the custom match object