Web Filter not blocking mail.yahoo.com from Yahoo.com

Network_Shark · ‎04-23-2019

I have a customer who wanted to block users from accessing the Yahoo mail page. I programmed the web filter to block the URL mail.yahoo.com and it seems to have worked. The customer contacted me and told me that one of the users was able to get to the Yahoo mail page by going to the main Yahoo.com site and clicking the Mail icon. When I tried it on another PC, I was not able to access the mail page by clicking on the mail icon from the main page. I ended up blocking *yahoo.com which is the main yahoo page but the customer is interested on finding the answer to the following question;

Is there a reason why the web filter will block some users and not others when accessing the yahoo mail page from the main site page? Or, can the user be doing something that would bypass the web filter?

Any info is helpful. Thank you

Dave_Hall · ‎04-24-2019

Looks like the site uses a login page with a *. wildcard security certificate. I don't have a yahoo email account, so don't know what page you are directed to after logging in, but guessing you could try blocking the url *.login.yahoo.com. (type wildcard).

If a workstation/device is able to get pass the login page, check the url and compare it against the security certificate. Also check if issue is happening in all web browsers. (I think Google Chrome tries to use QUIC (HTTPS on udp), so that could/may trip you up.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Network_Shark · ‎04-29-2019

Thank you, Dave.

I will look into it and let you know.

I appreciate your input very much.