Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Web Security: Support definitions for Allow/Block sites

We are finding on a lot of our sites the company is deciding to block facebook/myspace. When we go into the Web Security -> HTTP/S -> Content Filter, and the Additional URL's to Block box, we can add individual sites, and use just facebook on it's own, but this doesn't pick up "fbcdn.net".

Under Network Definitions, I can put DNS Group and call it facebook, and this picks up all the facebook sites.

I'd like to be able to drag and drop from the Definitions section into the "Additional URL's" box.

46 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Trevor FurnellTrevor Furnell shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    6 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Gert HansenGert Hansen commented  ·   ·  Flag as inappropriate

        What are the typical websites/webapplications that you want to be blocked by this way? We might have another way to do this, by astaro analyzing the websites and giving you a simple checkbox option to block these webapps completly.

      • Trevor FurnellTrevor Furnell commented  ·   ·  Flag as inappropriate

        Yes Raj, you've nailed it. By using the dns group I get all the sites due to the dns group populating itself. (It's a very cool ability) and tapping into this gives me an easy way to block all facebook. We're getting more and more clients asking to just block facebook, or just rsvp or just some other individual site.

      • Raj DubeyRaj Dubey commented  ·   ·  Flag as inappropriate

        I like this idea, but I'm not sure I understand Bob's comment. If I use "social networking" via the categories it get's lots of those types of sites, but I don't want all of them blocked, just some. I think this may be what Trevor is refereing to..?? I can see also where Trevor is trying to go with the drag and drop part, in that he is also refering to the lack of drag and drop within the content filter section, but also some sites have several different addresses that can be used to access them, thats the reference to facebook.com and fbcdn.net. Both those url's go to facebook, and if you only have facebook.com setup as the block in the content filter, then users can bypass this by going to fbcdn.net, if we can drag the dns group from the network definitions screen into this then we block all the facebook sites, regardless of what they are called. Trevor is that what your trying to say..

      • Bob AlfsonBob Alfson commented  ·   ·  Flag as inappropriate

        In essence, what you are requesting is the effect of "URL filtering categories." As long as "Social Networking" is one of the blocked categories, not only are facebook.com and fbcdn.net, but classmates.com, myspace, etc.

        I'm not saying there aren't good reasons to be able to block specific URLs, just that the constant appearance of new ones plus the sheer volume of current ones makes the old brute-force defense untenable.

      Feedback and Knowledge Base