How do I block specific "sites.google.com"

Mbutler522010
2015/10/27 09:26:40

We have the Google FQDNs opened per their suggestion ( https://support.google.com/a/answer/2589954?hl=en ) and ( https://support.google.com/drive/answer/6163291 )
 
The kids have discovered a number of gaming sites on Google homepages; all seem to be named "unblocked games", i.e.
https://sites.google.com/site/unblockedgames4me
https://sites.google.com/site/unblockedgames77
https://sites.google.com/site/punblockedgames/
 
The problem is that blocking Google by address doesn't seem to work, as every request seems to use a different one, and I don't know why but I don't seem to be able to block by name.
 
I put in a simple IPv4 policy, source = any, Destination = "sites.google.com/site/unblockedgames4me", block,
and it doesn't work. Because it is a block there is no SSL inspection or anything like that....
 
When I look at the log there is nothing that says "sites.google.com/site/unblockedgames4me", just "encrypted-tbn1.gstatic.com", but I don't want to block all of Google, just the few sites.
 
Can anyone help?

#1
gschmitt
Re: How do I block specific "sites.google.com" 2015/10/28 00:18:09
Don't use a FQDN Object for Webfiltering
Please go to Security Profiles > Webfilter and select your used Webfilter
Check Enable URL Filter and click Create New
Enter your URL, make sure Enable is checked and hit OK and Apply
Make sure the Webfiltering Profile is selected for your internal to wan policy
#2
Mbutler522010
Re: How do I block specific "sites.google.com" 2015/11/03 11:03:59
Unfortunately that doesn't work. I tried it, the logs showed 2 blocked packets, then success to a different address and the website came up. I am going to have to open a support ticket on this I think.
#3
Allwyn Mascarenhas
Re: How do I block specific "sites.google.com" 2015/11/03 21:00:12
Just go through this and you will get the idea on how to do it.
 
What you did failed exactly because it had no SSL inspection, as you said. Also don't forget to block Google's new QUIC protocol.
 
So many people are struggling with this because of their QUIC thing now. We should have a sticky post with a checklist for webfiltering.
#4
Mbutler522010
Re: How do I block specific "sites.google.com" 2015/11/05 13:29:10
Thanks, I will give it a try.
#5
michellem812
Re: How do I block specific "sites.google.com" 2015/12/08 12:26:13
Did you figure this out? I haven't gotten it working yet either, but I did just disable QUIC. I opened a support ticket to ask FG, but didn't know if you had it working to block the "unblocked" Google sites yet, yet leave all the other Google sites open.
#6
AlexFeren
Re: How do I block specific "sites.google.com" 2015/12/08 21:58:39
Mbutler522010
Unfortunately that doesn't work.

I believe it's working for me:
 
FG60C (root) # show firewall policy 18
config firewall policy
    edit 18
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set comments "Block Ads"
        set av-profile "Block_Virus_Botnet_AV"
        set webfilter-profile "Block_Ads_Security_WF"
        set application-list "Block_Botnet_AppCtrl"
        set profile-protocol-options "default"
        set ssl-ssh-profile "Deep-inspection with HSTS Exception"
    next
end
FG60C (root) # show webfilter profile Block_Ads_Security_WF
config webfilter profile
    edit "Block_Ads_Security_WF"
        set ovrd-perm bannedword-override urlfilter-override fortiguard-wf-override contenttype-check-override
            config override
                set ovrd-scope ask
                set ovrd-dur 2h
                set ovrd-user-group "Local Users Group"
                set profile "monitor-all for override"
            end
            config web
                set urlfilter-table 1
            end
            config ftgd-wf
                unset options
                set category-override g01 g02 g04 g05 g06 g07 g21 142 140 141
                set ovrd 8 13 14 g05 17
                    config filters
                        edit 17
                            set category 17
                            set action block
                        next
                        edit 26
                            set category 26
                            set action block
                        next
                        edit 61
                            set category 61
                            set action block
                        next
                        edit 86
                            set category 86
                            set action block
                        next
                        edit 87
                            set category 13
                            set action block
                        next
                        edit 88
                            set category 8
                            set action block
                        next
                        edit 89
                            set category 14
                            set action block
                        next
                    end
            end
    next
end
FG60C (root) # get webfilter urlfilter
*id    ID.
1  Block_Ads_Security_WF   

FG60C (root) # show webfilter urlfilter 1
config webfilter urlfilter
    edit 1
        set name "Block_Ads_Security_WF"
            config entries
                edit 1
                    set url "s.yimg.com/gs/apex/mediastore/*"
                    set type wildcard
                    set action block
                next
                edit 2
                    set url "sites.google.com/site/unblockedgames4me"
                    set type wildcard
                    set action block
                next
            end
    next
end
FG60C (root) # execute log filter reset
FG60C (root) # execute log filter category utm-webfilter
FG60C (root) # execute log filter field urlfilteridx 1
 
Now, from my machine, X.X.25.70, issue :
$ curl -ik https://sites.google.com/site/unblockedgames4me
:
        <p>
          The page you have requested has been blocked, because the URL is
          banned.
        </p>
:


On Fortigate get:
FG60C (root) # execute log display
11 logs found.
10 logs returned.
1: date=2015-12-09 time=17:02:32 logid=0315012544 type=utm subtype=webfilter eventtype=urlfilter level=warning vd="root" urlfilteridx=1 urlfilterlist="Block_Ads_Security_WF" policyid=18 sessionid=463855 user="" srcip=X.X.25.70 srcport=54357 srcintf="internal4" dstip=203.13.161.86 dstport=443 dstintf="wan1" proto=6 service=HTTPS hostname="sites.google.com" profile="Block_Ads_Security_WF" action=blocked reqtype=direct url="/site/unblockedgames4me" sentbyte=102 rcvdbyte=0 direction=outgoing msg="URL was blocked because it is in the URL filter list" crscore=30 crlevel=high
:
 
[Edit: corrected URL]
post edited by AlexFeren - 2015/12/08 23:02:54
#7
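An added example, not part of the thread: a Python script that parses webfilter log lines in the key=value format shown in the post above and lists targets under a prefix that were logged with any action other than blocked. The first sample line is abridged from that post; the other two lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# key=value pairs; a value is either a "quoted string" or a bare token
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one FortiGate key=value log line into a dict."""
    return {m.group(1): m.group(3) if m.group(2) is None else m.group(2)
            for m in PAIR.finditer(line)}

def webfilter_hits(lines):
    """Count (client, hostname + url, action) over webfilter log lines."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec.get("subtype") != "webfilter":
            continue                      # skip traffic and other log types
        target = rec.get("hostname", rec.get("dstip", "?")) + rec.get("url", "")
        hits[(rec.get("srcip"), target, rec.get("action"))] += 1
    return hits

def not_blocked(hits, prefix):
    """Targets under `prefix` logged with any action other than 'blocked'."""
    return sorted({target for (_, target, action) in hits
                   if target.startswith(prefix) and action != "blocked"})

SAMPLE = [
    # abridged from the log line in the post above
    '1: date=2015-12-09 time=17:02:32 type=utm subtype=webfilter '
    'eventtype=urlfilter urlfilteridx=1 policyid=18 user="" srcip=X.X.25.70 '
    'hostname="sites.google.com" action=blocked url="/site/unblockedgames4me" '
    'msg="URL was blocked because it is in the URL filter list"',
    # constructed: a sibling site that has no URL filter entry
    '2: date=2015-12-09 time=17:03:10 type=utm subtype=webfilter '
    'eventtype=ftgd_allow policyid=18 user="" srcip=X.X.25.71 '
    'hostname="sites.google.com" action=passthrough url="/site/unblockedgames77"',
    # constructed: a non-webfilter line that must be ignored
    '3: date=2015-12-09 time=17:03:11 type=traffic subtype=forward '
    'policyid=18 srcip=X.X.25.71 dstport=443 action=accept',
]

if __name__ == "__main__":
    hits = webfilter_hits(SAMPLE)
    for target in not_blocked(hits, "sites.google.com/site/"):
        print("not blocked:", target)
```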
michellem812
Re: How do I block specific "sites.google.com" 2016/02/11 14:14:14
Sorry for the late reply, but mine still doesn't work. What settings do you have for your "set ssl-ssh-profile "Deep-inspection with HSTS Exception" profile? I believe that might be my issue. With only "set status certificate-inspection" instead of full/deep inspection, then my FG won't block by the wildcard in the Google site URL. If I enable Full (deep) inspection, then Google complains about HSTS issues. How did you get past that issue? 
#8
AlexFeren
Re: How do I block specific "sites.google.com" 2016/02/11 14:36:36
michellem812
If I enable Full (deep) inspection, then Google complains about HSTS issues. How did you get past that issue?

See "config ssl-exempt" below.
 
FG60C (root) # show firewall ssl-ssh-profile "Deep-inspection with HSTS Exception"
config firewall ssl-ssh-profile
    edit "Deep-inspection with HSTS Exception"
        set comment "Deep inspection!"
            config https
                set ports 443
            end
            config ftps
                set ports 990
            end
            config imaps
                set ports 993
            end
            config pop3s
                set ports 995
            end
            config smtps
                set ports 465
            end
            config ssl-exempt
                edit 1
                    set type address
                    set address "*.adobe.com"
                next
                edit 2
                    set type address
                    set address "android"
                next
                edit 3
                    set type address
                    set address "apple"
                next
                edit 4
                    set type address
                    set address "appstore.com"
                next
                edit 5
                    set type address
                    set address "citrixonline"
                next
                edit 6
                    set type address
                    set address "dropbox.com"
                next
                edit 7
                    set type address
                    set address "Gotomeeting"
                next
                edit 8
                    set type address
                    set address "icloud"
                next
                edit 9
                    set type address
                    set address "itunes"
                next
                edit 10
                    set type address
                    set address "skype"
                next
                edit 11
                    set type address
                    set address "swscan.apple.com"
                next
                edit 12
                    set type address
                    set address "update.microsoft.com"
                next
                edit 13
                    set type address
                    set address "HSTS"
                next
            end
    next
end
 
 
FG60C (root) # show firewall addrgrp HSTS
config firewall addrgrp
    edit "HSTS"
        set member "wikipedia" "Google"
    next
end

 
FG60C (root) # show firewall addrgrp Google
config firewall addrgrp
    edit "Google"
        set member "*.google.com.au" "*.google.com"
    next
end

 
FG60C (root) # show firewall address *.google.com.au
config firewall address
    edit "*.google.com.au"
        set type fqdn
        set fqdn "*.google.com.au"
    next
end

FG60C (root) # show firewall address *.google.com
config firewall address
    edit "*.google.com"
        set type fqdn
        set fqdn "*.google.com"
    next
end

post edited by AlexFeren - 2016/02/11 15:10:55
#9
michellem812
Re: How do I block specific "sites.google.com" 2016/02/11 19:30:31
Thank you so much!!! I am much closer on this now. It seems like many websites use HSTS, so if I want to use wildcard URL filters on HTTPS sites, then I should use Full/deep inspection to block the sites I want to block...but then I still need to exempt most everything else. So that's where I'm at now, trying to figure out all the sites I need to exempt. But this is so much closer to blocking the 'unblocked' Google sites - so thank you!!!
#10
jawad
Re: How do I block specific "sites.google.com" 2016/02/28 16:09:11
I want to block these and this one also:
https://sites.google.com/site/unblockedgames333/
Any working method, please share.
#11
butering
Re: How do I block specific "sites.google.com" 2016/02/29 23:09:09
I am a teacher, and it is my duty to block unnecessary activities for kids. I need help to block Google games sites like, for example, these...
https://sites.google.com/site/huntingunblockedgames
https://sites.google.com/site/coolmathgameszone
 
No success finding a way; can anyone explain in simple words...
#12
michellem812
Re: How do I block specific "sites.google.com" 2016/03/01 09:10:18
Props to AlexFeren for the info on how to do this - I used that info and expanded on it to give me what I needed. You need to use Deep/Full SSL inspection to restrict on the words in the URL, and if you deploy certificates I think it is easier to configure the Fortigate, but I did not want to install certificates. So instead you have to do what AlexFeren suggested - use the Deep/Full SSL profile, but also exempt most sites/categories due to HSTS, so that the end users don't get a web prompt to 'continue to this site' for most sites. If you do not require end-users to install a certificate on their device, then it is a matter of playing with the "firewall ssl-ssh-profile" exemptions to get around Chrome's HSTS restrictions but still block what you want.
#13
james0007
Re: How do I block specific "sites.google.com" 2018/03/13 08:03:46
Now a lot of sites like https://unblockedgames66sites.com/ are coming up once again. How can we block these?
post edited by james0007 - 2018/03/27 22:20:17
#14