dannycheng85
New Member
May 14, 2013
Question

Configure Policy to access a single website via HTTP/HTTPS

  • 6 replies
  • 7544 views
Hi, I'm trying to configure a policy to allow UserA to access FB only, with other websites not accessible at all. I have set the policy "Src UserA, Dst www.facebook.com, service HTTP & HTTPS, action ALLOW". The firewall is set with implicit deny, and DNS is via an internal server. However, UserA is still not able to access FB and other websites. When I change the Dst to all, UserA has full access to the internet. I'd appreciate your assistance on this. Thank you.

    Omar_Hermannsson
    New Member
    May 14, 2013
    Facebook uses other subdomains besides www and they also use Akamai. You could try using a policy with a urlfilter instead or use application control. Using the dst address like that seems likely to fail. For a urlfilter you would have to permit facebook.com and akamaihd.net at least. There might be other URLs; this is just what I came up with after a quick rummage through the source.
    dannycheng85
    New Member
    May 15, 2013
    Hi Omar, You're suggesting to use either Application Control or URL filter, but to use URL filter, I need to associate it with Web Filter, right? Because I tried with a policy "Src UserA, Dst any, service HTTP & HTTPS, action ALLOW" and applied Web Filter to block every category, but with URL filter allowing facebook.com (wildcard), and there seems to be an implicit allow wildcard in there. So in the end, UserA is still able to access all websites.
    Omar_Hermannsson
    New Member
    May 15, 2013
    I would use type Simple rather and then pop a wildcard * at the bottom with Block action. Something like this perhaps:
    1 facebook.com Simple Exempt
    2 akamaihd.net Simple Exempt
    3 * Wildcard Block
    dannycheng85
    New Member
    May 16, 2013
    But the * wildcard Allow will appear by default, whenever I add in any entries, as shown below...
    1 facebook.com Simple Exempt
    * * Allow Implicit
    Omar_Hermannsson
    New Member
    May 16, 2013
    ORIGINAL: dannycheng85
    But the * wildcard Allow will appear by default, whenever I add in any entries, as shown below...
    1 facebook.com Simple Exempt
    * * Allow Implicit

    That's no problem. Your rules should override the implicit rule.
    dannycheng85
    New Member
    May 17, 2013
    But doesn't URL filter take priority, then followed by web filter? If that's the case, wouldn't all websites be allowed, looking at the 'implicit allow'?
    Omar_Hermannsson
    New Member
    May 17, 2013
    ORIGINAL: dannycheng85
    But doesn't URL filter take priority, then followed by web filter? If that's the case, wouldn't all websites be allowed, looking at the 'implicit allow'?

    Yes, you're right about the precedence, but I was only talking about the URL filter rules. If you put an explicit block above the implicit one in the URL filters like I suggested, it will work. I just omitted the implicit part earlier.
    1 facebook.com Simple Exempt
    2 akamaihd.net Simple Exempt
    3 * Wildcard Block
    * * Allow Implicit
    I did a quick test on my end and it worked as expected for me at least.
    dannycheng85
    New Member
    May 17, 2013
    Okay Omar, appreciate your kind help on this. I managed to get it to work now. Thanks a lot...
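
Added example, not part of any post in this thread: a small Python model of the first-match evaluation that the final rule list above relies on, showing that the explicit "* Wildcard Block" row leaves the implicit allow row unreachable. The matching semantics for the Simple and Wildcard types, the helper names and the sample host names are assumptions for illustration, and only the URL filter list is modelled, not the category web filter.

```python
from fnmatch import fnmatch

# Rule rows as (url, type, action). IMPLICIT is the row the GUI appends by itself.
IMPLICIT = ("*", "wildcard", "allow")
WITHOUT_BLOCK = [("facebook.com", "simple", "exempt"), IMPLICIT]
WITH_BLOCK = [
    ("facebook.com", "simple", "exempt"),
    ("akamaihd.net", "simple", "exempt"),
    ("*", "wildcard", "block"),
    IMPLICIT,
]

# Constructed sample host names (not taken from the thread).
PROBES = ["www.facebook.com", "static.akamaihd.net", "www.example.org"]


def matches(pattern, kind, host):
    """Assumed model: 'simple' matches the domain itself or any subdomain,
    'wildcard' is a shell-style glob over the whole host name."""
    host = host.lower().rstrip(".")
    if kind == "simple":
        return host == pattern or host.endswith("." + pattern)
    return fnmatch(host, pattern)


def evaluate(rules, host):
    """First match wins: return (row_number, action) of the first matching row."""
    for number, (pattern, kind, action) in enumerate(rules, start=1):
        if matches(pattern, kind, host):
            return number, action
    return None, "no-match"


def unreachable(rules, probes):
    """Row numbers that none of the probe hosts ever reaches."""
    hit = {evaluate(rules, host)[0] for host in probes}
    return [n for n in range(1, len(rules) + 1) if n not in hit]


if __name__ == "__main__":
    for name, rules in (("without explicit block", WITHOUT_BLOCK),
                        ("with explicit block", WITH_BLOCK)):
        print(name)
        for host in PROBES:
            print("  %-22s -> row %s, %s" % ((host,) + evaluate(rules, host)))
        print("  rows never reached:", unreachable(rules, PROBES))
```
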