1 Reply Latest reply on Mar 16, 2015 4:53 PM by jstormo

    Blocking Internationalized Domain Names


      I'm trying to figure out how to block domains and domain suffixes which are using an internationalized domain name. The names begin with ascii xn-- and continue from there. An example site would be: xn--rksmrgs-5wao1o.josefsson.org.

      I've tried wildcard/regex matching for "*xn--*" being in domain but that doesn't seem to work and ruletracing is showing the site hitting as: http://r%C3%A4ksm%C3%B6rg%C3%A5s.josefsson.org/ when web gateway sees it. I've also tried blocking "*%*" in the domain name but also no success. Any idea on how I should go about this?

      Goal: Block sites using IDNs within domain or domain suffix.