URL Blocking

We're enabling URL blocking for certain sites.

   On Access Control > Enabled  Access Control on Internet

   Web Lists > URL Block : youtube

This setting blocked youtube access from our LAN (172.x.x.x).  However this setting also prevents access from Internet to our webserver on DMZ (28.x.89.x)

We tried adding Web lists > URL allow : xxx (site is www.xxx.com) but still the same.

We also tried

On Access Control > Enabled  Access Control on Private

  Web Lists > URL allow: xxx

    Web Lists > URL Block : youtube

But this also blocked the access from the Internet to our webserver on DMZ.

I do not know what else to configure, but it seems that if there's a URL on Block, web is being blocked globally.

BTW, this is a SG580 Version 3.2.1. The Network interfaces are

LAN: 172.x.x.70 (port A1)

DMZ: VLAN3  28.x.89.1 (port A2)

Mgmt Net: VLAN4  10.x.x.1 (port A3)

Internet: VLAN5  28.x.19.226 (port A4)

Please help!

Message was edited by: rmp.dmd1229 on 4/23/10 8:43:54 AM CDT
1 Solution

Accepted Solutions
rcamm
Level 13
Message 2 of 5

Re: URL Blocking

The best way in this scenario is to use a

firewall -> packet filtering -> custom firewall rule

like

iptables -t nat -I ContFilt -d 28.x.89.x/y  -j RETURN

and this will ensure this host/network never goes near URL filtering

Re: URL Blocking

Thank you very much, Ross.

That solved it!

Re: URL Blocking

I've been researching what this line means:

iptables -t nat -I ContFilt -d 28.x.89.x/y  -j RETURN

but I cannot find a suitable answer. Kindly shed some info.

Thanks!

rcamm
Level 13
Message 5 of 5

Re: URL Blocking

It means to bypass the ContFilt chain for destination host/net 28.x.89.x/y

As such the packets will not be redirected to the access control proxy
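
An added example, not part of the original thread: a small Python model of first-match chain traversal showing why the rule is inserted with -I (head of ContFilt) rather than appended. Assumptions: 203.0.113.0/24 is a constructed stand-in for the masked 28.x.89.x/y network, and ContFilt is modelled as one catch-all rule that redirects to the access control proxy; the appliance's real chain contents are not shown in the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    dest: str    # destination network the rule matches ("0.0.0.0/0" = any)
    target: str  # "RETURN" or "REDIRECT"

    def matches(self, dst_ip):
        return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dest)

def traverse(chain, dst_ip):
    """First matching rule wins. RETURN hands the packet back to the calling
    chain, modelled here as 'bypass' (it never reaches the proxy redirect)."""
    for rule in chain:
        if rule.matches(dst_ip):
            return "bypass" if rule.target == "RETURN" else "proxy"
    # Falling off the end of a user-defined chain is an implicit RETURN.
    return "bypass"

# Constructed value standing in for the masked DMZ network 28.x.89.x/y.
DMZ_NET = "203.0.113.0/24"
# Assumption: ContFilt contains a catch-all redirect to the proxy.
REDIRECT_ALL = Rule("0.0.0.0/0", "REDIRECT")
BYPASS_DMZ = Rule(DMZ_NET, "RETURN")

def with_insert():
    """-I ContFilt: the rule lands at position 1, ahead of the redirect."""
    chain = [REDIRECT_ALL]
    chain.insert(0, BYPASS_DMZ)
    return chain

def with_append():
    """-A ContFilt: the rule lands last, after the redirect already matched."""
    chain = [REDIRECT_ALL]
    chain.append(BYPASS_DMZ)
    return chain

if __name__ == "__main__":
    for flag, chain in (("-I", with_insert()), ("-A", with_append())):
        for dst in ("203.0.113.10", "198.51.100.7"):  # DMZ host, other host
            print(flag, dst, traverse(chain, dst))
```

On a live unit, listing the chain with `iptables -t nat -L ContFilt -n -v --line-numbers` shows whether the RETURN rule sits at position 1 and whether its packet counter increases when the DMZ server is accessed.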