Block HTTPS traffic for particular group

[sridharraj80]

Hi ,

Can anyone help out how to block https traffic for a particular group alone in R60 .

Thanks in advance.

Sridhar

[MarioL]

How do you define that group?

If it's a subnet, group or range of IPs, you can just create a rule before the allow like this:
Group - Any - HTTPS - Drop

If you want to block users, then you will need to have them authenticated on FW-1 so you can have a more granular access control.

I do however prefer to deny anything by default and always work with allow rules, so I would probably try to do this by giving HTTPS to another group, rather than blocking this one.

[sridharraj80]

Hi ,

Thanks for the reply .. This is a particular Subnet based group. And i wanna block https://gmail.com, https://mail.yahoo.com kind of sites for accessing for those subnet..

Will URI filtering be the best one for this. Please suggest on this.

sri

[MarioL]

If you wanted to block HTTP sites you could create URI resources, group them and then block those.
For example Gmail could be defined like *.gmail.com, with * in path too.

Then you would create a rule like this:
Subnet - Any - HTTP->Resource group - Drop

I just checked on the GUI and it seems to allow you to use HTTPS too, so you can try that. It's not a very scalable process though, most ppl get proper URL filtering.

[sridharraj80]

Hi Thanks for the reply,

I have configured and tested it sucessfully.. Thanks for the reply again.. Now again my company wants me to customize block page (error page) .

How do i customize this ? Please help me out in solving this..

thanks in advance.

[abusharif]

Quote:

Originally Posted by sridharraj80

Hi Thanks for the reply,

I have configured and tested it sucessfully.. Thanks for the reply again.. Now again my company wants me to customize block page (error page) .

How do i customize this ? Please help me out in solving this..

thanks in advance.

you have the tab on uri resource object called action, where you can enter replacement/redirect url. You could point it to error html page that resided on a webserver you have.