Web Protection: Global URL Blacklist & Whitelist For All Profiles
It would be nice if we could create a group of URLs for blocking, which may be analogous to the block "URL Filtering Categories" in the "Filter Actions". For example, the URLs to be blocked must not enter in every profile under blacklist.
Currently, when you need to add some exceptions to a profile (not to all users), you have to add them manually using regular expressions and/or adding domains to the exceptions section; but there is no way to create a white/black list and reuse them on one or several profiles.
It would be very handy because then you would be able to change its content globally; currently you have to edit the exception lists on each profile manually.
Currently under web security there is no way to add a master block or allow list. You have to create one for each filter action.
In UTM 9.3 we have introduced the concept of URL tags. Sites entered in the Website List can be tagged, and the tags can be used in policy to block or allow groups of web sites. Since new sites can be added to the Website List and tagged at any time, there is no longer any need to add the URLs to individual policies.
For more information on this release, see this blog post: http://blogs.sophos.com/2014/11/10/sophos-utm-advantage-9-3-is-coming-soon-find-out-whats-new-2/
I don't see this feature as completed. The configuration entries referenced by URL tags cannot be defined using regular expressions. They support "URLs, domains, ip addresses or CIDR ranges". So they do not fully replace blacklist/whitelist entries.
Internally, black- and whitelists are obviously already global objects that are referenced in filter actions. And UTM requires them to have a unique name even across filter actions. So we just need a possibility to choose the existing ones from a left hand side list like any other global object.
Please note that there is a Feature Request showing another approach to this subject - adding the websites to own or existing categories:
It's a very good idea! I need this feature too. If you have some filter actions and many URLs to block for all(!), you have to enter the list often and ANY addition! A lot of work.
These global lists are much better. Only one for all. In the filter action you can select it. Smart and modular. And I think it is easy to install it into UTM 9. ;-)
I think the globals get run first, then the proxy profiles. I whitelisted a bunch of URLs and the authenticated web profile (Transparent with AD auth) never prompts for these sites.