Skip to main content
clarkg
clarkg
New Member
May 15, 2013
Solved

Rate URL' s by domain and IP address question

  • May 15, 2013
  • 3 replies
  • 9097 views
So we block the web hosting category for our users. I also have the check box for rate url' s by domain and IP address checked. Lately alot of users, when they try to go to some pages (not sure exactly which ones) get blocked from the sites. In the URL, it has the IP address of the site that is blocked, and the category is webhosting. When I do an nslookup of the ip addresses, they are all either akamai.net or akamaitechnologies.com, which I know are backend servers for alot of sites. So what I have been doing is putting in a ratings override for the IP address into a category that is allowed. If I understand correctly, even though I put in the rating override, if the URL is in a category that is allowed, it will then allow the site. However, if it is something that isn' t, like facebook, it will still block it? Correct?
    Best answer by billp
    I consider the " rate URLs by domain and IP address" a legacy setting that doesn' t apply well to the modern Web. Too many sites resolve to the same IP and you will get a flood of false ratings. It might help if you describe what you are trying to achieve by blocking hosting sites. It eliminates a significant portion of the web. The Fortiguard website rates Akamai as a Content Server which is different than the Web Hosting rating. What version of FortiOS are you running?

    3 replies

    billp
    billpAnswer
    New Member
    May 15, 2013
    I consider the " rate URLs by domain and IP address" a legacy setting that doesn' t apply well to the modern Web. Too many sites resolve to the same IP and you will get a flood of false ratings. It might help if you describe what you are trying to achieve by blocking hosting sites. It eliminates a significant portion of the web. The Fortiguard website rates Akamai as a Content Server which is different than the Web Hosting rating. What version of FortiOS are you running?
    mbrowndcm
    mbrowndcm
    New Member
    May 30, 2013
    From what I' ve seen, FortiGuard actually secures on the side of un-security when it comes to this setting. Example: youtube.com' s IP space === google.com' s IP space. Without blocking HTTPS, but blocking Streaming & Media, *youtube.com is blocked over HTTP, but over HTTPS it is not. facebook.com' s IP space === facebook.com' s IP space. Blocking Social Networking, *facebook.com is blocked over HTTP and HTTPS.
    billp
    billp
    New Member
    May 31, 2013
    Interesting. I haven' t used it in a while. The last time I tried it, my users were getting unpredictable results -- or it at least seemed unpredictable to me -- so I disabled it. It was probably over a year (or two) ago, so my experiences are definitely dated. I' d be curious if/how others are using this setting.
    Terms & ConditionsAccessibility statement