Improving filters with wildcards!
Overview
NG Firewall supports the use of wildcards (*) in most rules. These can make your life a great deal easier!
Wildcards in Web Filter
For example, let's take Web Filter. Web Filter is a very literal application, in that it does exactly what you tell it to do. You might try entering facebook.com into Web Filter's Block Sites page, only to find it doesn't block Facebook. This is because of the difference between the two URLs: facebook.com vs http://www.facebook.com.
Since the two are different, Web Filter doesn't know that you meant the second one when you entered the first one; it's just looking for exactly facebook.com. In this case, you'd want to use some wildcards, so change your Block Sites entry to:
- *facebook.com*
This will tell Web Filter to look for anything that has facebook.com somewhere in the URL, so here are some other examples of things it might catch:
- facebook.com
- www.facebook.com
- http://facebook.com
One caveat: Web Filter is, again, very literal. If you create a Block Sites entry for *.facebook.com* (note the extra dot before the domain), Web Filter will require that the URL contain .facebook.com, including that extra dot. This may lead to unpredictable and inconsistent blocking results! This is why it's important not to put a dot before the domain in the entry.
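The three entries discussed above can be compared side by side before a rule goes live. This is an added example, not NG Firewall's own code: it assumes an entry must match the whole URL string and that * is the only wildcard (matching any run of characters), and the function names and the last two sample URLs are constructed for illustration.

```python
import re

def wildcard_to_regex(entry: str) -> re.Pattern:
    """Translate an entry where '*' is the only wildcard into a regex."""
    # Escape each literal piece so '.' means a literal dot, then join with '.*'.
    return re.compile(".*".join(re.escape(piece) for piece in entry.split("*")))

def matches(entry: str, url: str) -> bool:
    # Assumed model: the entry has to cover the entire URL string.
    return wildcard_to_regex(entry).fullmatch(url) is not None

# The three Block Sites entries discussed in the article.
RULES = ["facebook.com", "*facebook.com*", "*.facebook.com*"]

SAMPLES = [
    "facebook.com",                           # from the article
    "www.facebook.com",                       # from the article
    "http://facebook.com",                    # from the article
    "http://www.facebook.com",                # from the article
    "notfacebook.com",                        # constructed: other domain, same substring
    "http://example.com/?ref=facebook.com",   # constructed: substring in the query string
]

def match_table(rules=RULES, samples=SAMPLES):
    """Map each entry to the sample URLs it would catch."""
    return {rule: [u for u in samples if matches(rule, u)] for rule in rules}

def audit(rule, must_block, must_pass):
    """Return (missed, overblocked) for one entry against two test lists."""
    missed = [u for u in must_block if not matches(rule, u)]
    overblocked = [u for u in must_pass if matches(rule, u)]
    return missed, overblocked

if __name__ == "__main__":
    for rule, hits in match_table().items():
        print(f"{rule:18} catches {hits}")
    for rule in RULES:
        missed, over = audit(rule, SAMPLES[:4], SAMPLES[4:])
        print(f"{rule:18} missed={missed} overblocked={over}")
```

Under this model the dotted entry misses facebook.com and http://facebook.com, while the recommended entry catches all four Facebook URLs and also any other URL that merely contains the string, so test a new entry against sites you need to keep reachable.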
Wildcards in other apps
This same logic applies to other applications & configurations. You might use wildcards in SSL Inspector to ensure an 'inspect' rule catches the appropriate site, in Policy Manager to move all Apple devices by MAC Address Vendor, or even in Web Filter's Pass Sites tab to allow a website that would normally be blocked by a Category.
For more information about blocking specific websites which can be difficult to block with just Web Filter, check these articles:
- How do I block Facebook & YouTube?
- How do I block Spotify?
- I blocked a site but I can still access it!