How to block a website on ng firewall

firewall block url ip rule.

13 replies to this topic

#1 Sergiu

Sergiu
  • Members
  • 10 posts

Posted 22 December 2014 - 01:26 PM

Hello Geeks, please help. I have a Barracuda NG Firewall 200 and I want to block access to a website, this one: http://www.oogle.com, because LAN users by mistake type http://www.oogle.com, not www.gogle.com. I checked and found the IP of this site and entered a firewall rule to block Trusted to the IP of http://www.oogle.com. When I type the website URL http://www.oogle.com it can be accessed with no problem; when I do it by IP it isn't working. How can I block a URL locally from the NG firewall? (I don't have web flex.) Please help. :(



#2 Michael Mack

Michael Mack
  • Members
  • 5 posts

Posted 22 December 2014 - 02:11 PM

Hello Sergiu,

You have some possibilities to achieve a block of www.oogle.com.

The easiest one will be to create a DNS Object for "www.oogle.com".

Open your Ruleset -> Firewall Objects -> Networks -> Right Click -> New

Choose Hostname (DNS Resolved) as Type and enter "www.oogle.com" as Name. Hit OK.

The NG should constantly resolve www.oogle.com and its current IP address.

Now you can use this object as a destination in a firewall rule. This one must be above the rule where you allow your outgoing web traffic.

 

Michael



#3 Sergiu

Sergiu
  • Members
  • 10 posts

Posted 22 December 2014 - 04:18 PM

It still didn't work. Thank you, Michael, for your advice.

I did it like this: I went to Firewall Objects -> under Static I right-clicked, then New; for Type I put Hostname (DNS Resolved), then for Name I put http://www.oogle.com; DNS Lifetime (sec) I left at 600.

Then under Include Entries I added the IP 69.65.50.3, which is http://www.oogle.com.

Then I went to the access rules.

I created a new rule. I used Block, then at Source I put our Trusted network; for Service I put all; for Destination I pressed the drop-down arrow and selected the object http://www.oogle.com (under it appears 69.65.50.3). Then I put the rule on top, so this is the first rule from top to bottom, sent changes, then activated.

I went to my local computer and typed the IP 69.65.50.3: it was blocked.

If I put http://www.oogle.com in the web browser, it went to the site (it didn't block anything).

When I looked at the history I see that it uses the rule trusted to world 0.0.0.0, which is under the block rule I created above.

Then I used a deny rule; it is the same thing.

It looks like it can't see the rule.

Any other ideas? I hope I was explicit.



#4 Mario Pirker

Mario Pirker
  • Barracuda Team Members
  • 112 posts

Posted 29 December 2014 - 03:11 AM

Hi Sergiu,

 

If the wrong rule is matching, one of the conditions (source IP, service or destination IP) is not matching. What IP addresses do you see in the history? Does the correct rule match if you use the "Rule Tester" inside the Forwarding Firewall Ruleset?

 

Thank you.

 

Best regards,

Mario



#5 Michael Mack

Michael Mack
  • Members
  • 5 posts

Posted 07 January 2015 - 08:46 AM

Are you sure your PC is part of the trusted Network range?



#6 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts
  • LocationEMEA

Posted 21 January 2015 - 11:27 AM

hi Sergiu,

First thing - when using "Hostname" type network objects, you do not need to include any IP addresses manually. That's the whole point of using DNS in firewall ruleset, right?

Second - to make this type of network object work, your NG must be able to resolve domain names (if your PC can resolve an address, even using the NG as a DNS server, it does not mean your NG can). This can be verified in Firewall > Dynamic > Dynamic Rules (bottom part, you should see www.oogle.com and its IP address).

 

BTW, an alternative way to block a website is to use a Custom Application in the Application ruleset (in this case you can block only http/https traffic).
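
An added illustration, not part of the original thread and not Barracuda's implementation: a small first-match model of the symptom discussed in posts #3 to #6, where a hostname object matches only the addresses the firewall itself resolved (plus manual entries), so a connection to any other address falls through to the allow rule below. The rule names, class names and addresses are constructed (documentation ranges), and the assumption that the browser reached a different IP than the one entered by hand is one possible cause, not a confirmed diagnosis.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class HostnameObject:
    """Model of a DNS-resolved network object (hypothetical class)."""
    name: str
    resolved: set = field(default_factory=set)  # IPs from the firewall's own DNS lookups
    included: set = field(default_factory=set)  # IPs added by hand as include entries

    def matches(self, ip):
        return ip in self.resolved or ip in self.included

@dataclass
class Rule:
    name: str
    action: str
    source: str          # CIDR
    destination: object  # CIDR string or HostnameObject

    def matches(self, src, dst):
        if ipaddress.ip_address(src) not in ipaddress.ip_network(self.source):
            return False
        if isinstance(self.destination, HostnameObject):
            return self.destination.matches(dst)
        return ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination)

def rule_test(ruleset, src, dst):
    """First match wins, top to bottom; returns (rule name, action)."""
    for rule in ruleset:
        if rule.matches(src, dst):
            return rule.name, rule.action
    return "default", "block"

# Constructed sample data: documentation address ranges, not real hosts.
TRUSTED = "192.0.2.0/24"
PINNED_IP = "203.0.113.10"   # the one IP typed into the object by hand
BROWSER_IP = "203.0.113.20"  # what the client's resolver returned for the same name

def build_ruleset(firewall_resolved):
    """Block rule on top, general allow rule below, as described in post #3."""
    site = HostnameObject("blocked-site.example", set(firewall_resolved), {PINNED_IP})
    return [Rule("BLOCK-SITE", "block", TRUSTED, site),
            Rule("TRUSTED-2-WORLD", "pass", TRUSTED, "0.0.0.0/0")]

if __name__ == "__main__":
    for resolved in ([], [BROWSER_IP]):
        rs = build_ruleset(resolved)
        for dst in (PINNED_IP, BROWSER_IP):
            print(resolved, dst, rule_test(rs, "192.0.2.15", dst))
```

With an empty resolved set the model reproduces the reported behaviour: the hand-entered IP hits the block rule while the browser's connection matches the allow rule underneath.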



#7 Karl

Karl
  • Members
  • 7 posts

Posted 07 November 2016 - 07:20 AM

Ok...sorry to bring up an old thread but this is exactly what I am trying to do. And I am pulling my hair out because it really shouldn't be this difficult. 

 

I have tried all the usual (add the IP / URL to a new Block rule etc) ways but it still let me access the website. All I want to do is be able to say 'Hey, NG-F201, block access to www.dailymail.co.uk at all times please. Thank you'

 

But it won't. Sometimes after I have added a rule it takes ages to load the page, but it still loads eventually. I have added an application rule:

Block   Application:Any   URL Filter Match:Any   Content:Any   User:Any   Schedule:Any   Action:Deny   URL Filter:N/A   Source:Any   Destination:www.dailymail.co.uk

 

Now that should block all users access to that site at all times, yes? It doesn't.

 

Help...?

 

I have worked in IT for years now and even though I am not a network expert, I am usually OK at figuring these things out...but not this firewall. The UI is one of the worst I have ever used if I'm honest, it's just not user-friendly in the least. 



#8 Michael Zoller

Michael Zoller
  • Barracuda Team Members
  • 208 posts

Posted 08 November 2016 - 02:56 AM

Hi,

If you have a licensed URL Filter,

  1. Configure URL Filtering in the Firewall: https://campus.barra...gURLFiltering/
  2. Create a URL Filter Policy Object and as a custom URL enter dailymail.co.uk in the block section.  https://campus.barra...RLPolicyObject/
  3. Create an access rule matching the HTTP traffic of your clients and enable Application Control and URL Filter
  4. Create an application rule matching the same HTTP traffic of your clients. Use Any as the application and in the Policies section select the URL filter object with the custom URL you just created.
  5. Clear your browser cache and try to access the site, you are redirected to a custom block page.

Troubleshooting:

Go to the Firewall > Live and Firewall > History pages and filter your connection to check which access rule and application rule matches the traffic going to the site.

 

Alternative: You could also use DNS Interception, but using the URL Filter would definitely be the preferred method. If you decide to use DNS Interception, be sure to clear ALL DNS caches (internal DNS server / client / browser) when testing.

https://campus.barra...SInterception/



#9 Karl

Karl
  • Members
  • 7 posts

Posted 08 November 2016 - 05:45 AM

OK...I think I finally got it working - thank you.

 

I'm still playing about with adding further URLs to the same filter object, and I have to set the time object correctly, but I think we might be on the right track at last. I think my issues were based around the fact I was trying to just have a rule that simply said block access to www.website.com whereas I have to create custom filter objects with the right URL and add it into an application policy that is then applied to an access rule. 

 

Cheers  :)



#10 Stefan Hora

Stefan Hora
  • Barracuda Guru
  • 148 posts

Posted 09 November 2016 - 11:47 AM

Instead of blocking individual URLs it is much better to use the Webfilter, which is included in the Energize Update.

https://campus.barra...RLPolicyObject/

 

E.g. www.oogle.com is classified as pornography by Barracuda: http://barracudacentral.org/lookups/lookup-reputation

 

So if you use the Webfilter and block the category pornography, then you don't just block www.oogle.com but all the other "unwanted" websites.

And you still can add single websites under custom URLs/Allow/Block list if needed.



#11 Karl

Karl
  • Members
  • 7 posts

Posted 10 November 2016 - 04:36 AM

I think I spoke too soon...

 

I have followed, I think, all the instructions from the various links.

I have an Access Rule in place (LAN-2-INTERNET) that governs our main web traffic. This has URL filtering enabled under Application Policy. The rest of the rule is:

Action: Pass Dynamic SNAT   Service: ALL   Source: Trusted LAN Networks   Destination: Internet 0.0.0.0/0   AppControl: URL Filter   Schedule:Always

 

I have then gone into Application Rules and added one like this:

Application: Any   URL Filter: Any   Content: Any   User:Any   Action:Pass   URL Filter policy: 'worthless'   Time Objects: Office hours   Source:Trusted LAN   Destination: Any 0.0.0.0/0   URL Filter matching: Any   Protocol: Any   Content:Any   Dynamic:Yes

 

...yet it still doesn't work. The 'worthless' URL Filter object only contains a few URLs but this rule blocks none of them.

 

Please...what have I got wrong? Even if I change it to Always on, not Dynamic, it will still fail to do anything. I can open a browser and type in a URL that exactly matches one in the filter policy and it will just open right up, like the rule isn't even there.

 

 

Thanks 



#12 Michael Zoller

Michael Zoller
  • Barracuda Team Members
  • 208 posts

Posted 10 November 2016 - 04:59 AM

A couple of things to check:

* Is the Energize Update subscription valid?  (without it the URL filter is not licensed)

* Do not use "dynamic". Dynamic would mean that you can enable /disable the rule via SSL VPN/ NG Admin without access to the ruleset. This is normally used for things like toggling temporary management access.

* Check that the time/timezone on the firewall is correct and that you have configured an NTP server to keep the time current. If the time is off, your schedule object may not work as you would expect it to.

 

I would recommend that you contact Barracuda technical support. They can look at your setup and assist you to get this working!



#13 Karl

Karl
  • Members
  • 7 posts

Posted 10 November 2016 - 05:27 AM

Energise update is valid until 2017, like the URL filter.

I used Dynamic because of this link, where it says to do so:

https://campus.barra...e+Time+Objects/

 

"Defines the time policy that will be assigned to the marked time intervals in the calendar below. SetAllow means, that the according firewall rule (with enabled Dynamic Rule checkbox) is activated for the defined time period."

 

...but I have set it to Always and it still doesn't work.

 

The timezone is OK and I have configured two NTP servers.

 

I'll keep playing and then contact support if I can't get it to work...   :(



#14 Michael Zoller

Michael Zoller
  • Barracuda Team Members
  • 208 posts

Posted 10 November 2016 - 05:39 AM

Sorry for the misleading information in the article. I corrected the campus article. Dynamic has nothing to do with time objects. Since 5.4 is no longer supported (i.e. not receiving security fixes), I would also highly recommend updating to one of the currently supported firmware versions (6.0 / 6.2 / 7.0).