URL Whitelist Nightmare

Reply
Highlighted
L3 Networker

URL Whitelist Nightmare

I've tried without luck to add the URL 'addons.mozilla.org' to a whitelist. This URL falls under the 'shareware-and-freeware' category. This category is blocked. That's why I need to specify this explicitly in the whitelist. It just won't work.

My monitor tab shows it is allowed for that traffic, but looking at logs for URL filtering, I see it being block-url.

I've noticed that this had some other prefixes so I tried different combinations (below), with no luck:

*.addons.mozilla.org

addons.mozilla.org

addons.mozilla.org/

Any ideas?


Accepted Solutions
Highlighted
L5 Sessionator

Hello Martin,

Please add below URLs in allow list:

addons.mozilla.org

addons.mozilla.org/

addons.cdn.mozilla.net/

Regards,

Hari Yadavalli

View solution in original post


All Replies
Highlighted
L4 Transporter

What are the details for why it's being blocked?

Highlighted
L5 Sessionator

Hi Martin,

Can you please attach the snapshot for the URL filtering logs where it says block-url. Thank you.

Highlighted
L3 Networker

Not sure of the details you are referring to. I just get:

Category: shareware-and-freeware

Application: ssl

Action: block-URL

Highlighted
L5 Sessionator

Application might be the issue here. With snapshot I wanted to look at the actual URL that was under URL Filtering logs.

In an SSL session, firewall does not have visibility on the HTTP GET message as that is also encrypted. I believe you do not have ssl decryption on the device?

You will need ssl decryption to allow or block ssl site with specific URLs. Hope this helps. Thank you.

Highlighted
L3 Networker

Highlighted
L3 Networker

I really doubt this has anything to do with SSL decryption. If I allow 'shareware-and-freeware' it works fine. I don't want to allow all access to shareware and freeware for security purposes though.

Highlighted
L5 Sessionator

With that URL it should have worked.

Could you try following :

Instead of putting the URL, configure Custom URL Category and add

addons.mozilla.org

*.addons.mozilla.org

In separate lines. Remove the entries in the allow list under URL Filtering Profile. Then change the action to Alert for the custom category in the same URL Filtering profile. Commit the changes. Navigate to the site and see if the category still shows up as Shareware or new Custom Category. Please do attach the snapshot as well after making and committing those changes. Thank you.

Highlighted
L5 Sessionator

Hello Martin,

Please add below URLs in allow list:

addons.mozilla.org

addons.mozilla.org/

addons.cdn.mozilla.net/

Regards,

Hari Yadavalli

View solution in original post

Highlighted
L3 Networker

Spot on...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!