Blocking HTTPS Websites, your How-To
Using the SonicOS 6.2.5.3 or earlier versions of these firewalls, we’ll take a look at how you can block unwanted HTTPS websites, the steps and procedures to follow as well as some of the advanced features to implement.
Starting at the very beginning….
In earlier versions of the HTTPS traffic filtering, IP addresses would carry out the work, and filtering would be carried out based on these IP server addresses.
When we talk about Content Filtering, this applies to all domains entered within lists you create as well as those that match these lists (Match Objects), which can all be entered in your Allowed and Forbidden lists.
These points can be found with the Firewall application pages.
Ultimately, what this means is that when you enable Filtering for HTTPS Content, the information will be scrutinised under CFS, Configure, CFS window.
This CFS setting is globally applied and relates to:
- Forbidden Domains
- Allow Domains
- CFS Allow/Forbidden List (App Rules)
- CFS Category List (App Rules)
Keyword Blocking
From here you can get hostnames in two particular ways:
1. Finding the hostname to get rating info, by examining SSL Hello. If upon examination, you discover it supports the SSL server name and extension, you will be able to find the hostname in SSL Hello Client.
2. Finding the Common Name, again, by examining the Server Hello certificate.
How to block HTTPS Content
To ensure that the content you want to block is 100% blocked, you also need to configure this for HTTPS.
To do this, you need to log in to your SonicWall management system and choose the Security Services and Content Filter tab.
From here, within the Content-Type, make sure SonicWall CFS is selected and click on Configure.
Finally, change this to Enable and to make sure all changes are saved, click OK.
Users and Zone Screens
Within the SonicWall firewall settings, you can also add the custom list for Allow or Forbidden in CFS by selecting zone and user screens through CFS Policy Assignment heading.
Once this has been changed, make sure to click accept.
Within the Content-Type, click Configure once, and only once, SonicWall CFS has been selected.
Then you can move on to the Custom tab list.
To add custom lists, click on the Add button below the Forbidden Domains box and enter the sites/apps that you would like to block.
When you’re finished, click OK to save changes.
How to configure your custom policies to include your Allow/Forbidden list
Whatever has been included within the Forbidden box automatically applies to default policies.
However, to ensure the same applies to the Custom CFS policy, this needs to be manually agreed and input.
To do this, locate the Customs CFS Policy, Edit, and click on the Settings tab.
Change the field Source to Global for Forbidden Domains and click OK.
How, using App rules, you can add Allow and Forbidden Customised Lists to CFS
Going back into Security Services and locating the Content Filtering Page, make sure to choose App Rules found in CFS Policy Assignment – then click on Accept.
To match objects…
Open up your SonicWall firewall settings and find Match Objects. Choose the option Add New.
Here you will then be able to add your customised list of forbidden and allowed websites and domain names by selecting CFS Allow or Forbid.
You also have the option of loading such lists from files containing the names of your chosen domains – however, note, each domain should be on a separate line to the previous for it to be recognised, and there is a maximum file size of 8192 bytes.
Custom List Objects differ from CFS zones and users as it can’t be used as a standalone as it will only appear with a CFS Category List.
In these instances, it’s important to set your App Rules.
To do this, you need to go into your SonicWall application control and look for the App Rules.
Here you can tick the box to Enable and choose to Add New to create your own App Rules.
All messages recorded
SonicWall firewalls are sophisticated security applications used to provide you with maximum protection.
As such, they also provide you with detailed log messages showing users when CFS has blocked HTTPS websites.
Note: Users can’t and won’t see full logs, only that the page they have requested is not permitted at this time.
To find out more about SonicWall and how we can help protect you and your users further, call us on 0333 2405667 or visit this page.
Read the next article: How your SonicWall Firewall can protect you against even the worst cyber attacks
Comments
No posts found