cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Block a URL string in Web Control ePO policy?

Jump to solution

We need to block any website URL's with a specific text string inside of them. For example, want to block access to any URL that contains "bob=123456" in it.

An example URL we would want to block would be afakeurl.com/dir/file.php?bob=123456

I've created a block policy where the site pattern is just bob=123456 but it doesn't seem to be working. Is this the correct method?

Labels (2)
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: Block a URL string in Web Control ePO policy?

Jump to solution

Hi @andrewfcone 

Web Control doesn't check for matches in the middle or end of URLs as mentioned in the article https://docs.mcafee.com/bundle/endpoint-security-10.6.0-web-control-product-guide-windows/page/GUID-...

We can block only by fakesite.com/folder1/ or fakesite.com/folder2/. So if anything has fakesite.com/folder1/brb12344 will be blocked. 

Just tested it and it is working fine. So the way you need the pattern not supported at this point. This needs to be submitted as a product enhancement request.

View solution in original post

6 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: Block a URL string in Web Control ePO policy?

Jump to solution
Highlighted

Re: Block a URL string in Web Control ePO policy?

Jump to solution

Hi Patrakshar! Thank you for the reply!

So the only way to block that string is to have it include a / ?

So, it sounds like for afakeurl.com/dir/file.php?bob=123456 I would need to add block policy of /file.php?bob=123456

Unfortunately the filename isn't always consistent, but that string is. At least this can give us partial blocking as we find out the filenames.

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: Block a URL string in Web Control ePO policy?

Jump to solution

Hi @andrewfcone 

It will anything after the domain.

For afakeurl.com/dir/file.php?bob=123456 you will need pattern "/dir/"

The php file level block is not  possible . It will be good for a product enhancement request following the article https://kc.mcafee.com/corporate/index?page=content&id=KB60021

Highlighted

Re: Block a URL string in Web Control ePO policy?

Jump to solution

Thank you again for the fast reply!

Hmm. The scenario is that there is a phishing kit that is targeting us, and the target URL that the phishers want users to click will have a domain name and sub-folder that are always different... the only thing that is consistent is the file.php?bob123456

So if I create a block for /file.php?bob=123456 will it block access to these two potential URL's?

  • fakesite.com/folder1/file.php?bob=123456
  • fakesite.org/folder2/file.php?bob=123456

Or would that rule only block access to file.php?bob=123456 from the root of that domain? So only fakesite.com/file.php?bob=123456  ?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: Block a URL string in Web Control ePO policy?

Jump to solution

Hi @andrewfcone 

The best way to block this URL will be using WebGateway. As per the Webcontrol pattern in question, it should be just /folder1/ or /folder2/ which should block fakesite.com/folder1/ and fakesite.com/folder2/. Let me see if I can find any other solution for you that might help blocking the URL. I will update this post. 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7

Re: Block a URL string in Web Control ePO policy?

Jump to solution

Hi @andrewfcone 

Web Control doesn't check for matches in the middle or end of URLs as mentioned in the article https://docs.mcafee.com/bundle/endpoint-security-10.6.0-web-control-product-guide-windows/page/GUID-...

We can block only by fakesite.com/folder1/ or fakesite.com/folder2/. So if anything has fakesite.com/folder1/brb12344 will be blocked. 

Just tested it and it is working fine. So the way you need the pattern not supported at this point. This needs to be submitted as a product enhancement request.

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community