Easy Method to Block Entire Countries

Reply

glentc Posted: 28 Oct 2010 7:44

rated by 0 users

There should be a quick & easy way to block an entire country's domain without having to resort to CPU hogging Regex. This should also include the country's IP ranges.

Reply

Samantha replied on 28 Oct 2010 8:13 PM

rated by 0 users

 ----- Each country has a specific URL for the search engine. For example, Google in the United Kingdom uses google.co.uk.
 you can block the URLS from certain country such as the United Kingdom by adding the regular expressions (policy management>filter components>edit categories>add a new category and save >advanced >regular expression)
 For example: you can add www.*.uk  ,then www.goole.uk would be blocked, but www.goole.com and www.google.hk should be permitted.

http://www.websense.com/support/article/t-kbarticle/v7-Using-regular-expressions-in-filtering-1258048445049

-----For the FTP or instant messaging, etc .You can edit the port range and IP address range to block the protocols .(policy management>filter components>edit protocols>add)

 Does this help you with your query? If in case it’s not correct, I can enter your request into our Feature Request Tracking System.

Reply

glentc replied on 2 Nov 2010 5:59

rated by 0 users

Thank you for your reply Samantha, but I was hoping for a non-Regex solution. I've seen other security products where you can block destination traffic simply with IP ranges. However with Regex, it's rather tricky and is a huge resource drain within Websense. I'm not a regular user of Regex, but just to show how picky Regex can be, let's look at your www.*.uk example

That expression will work just fine with the following address;

http://www.bbc.co.uk

But it will fail with the following addresses;

http://WWW.BBC.CO.UK    [Regex is case sensitive]

http://www.bbc.co.uk.com  [Your Regex expression doesn't test past .uk]

It'll probably require a lot of further testing, but one would probably have to use the following Regex expression to block *.uk domains.

.*\.[Uu][Kk]($|[^a-zA-Z0-9_.])

With all that extra CPU overhead with testing with Regex, we haven't even entered the IP ranges to be blocked.  I just want a simple non-regex way to block entire countries.

Reply

Yuting_W replied on 2 Nov 2010 7:33 PM

rated by 0 users

Hi,

Thank you for sharing the Regex with us.

Your request has been entered into our Feature Request tracking system, and our Product Management team will review it within the next 30 days.  When the request is reviewed, the product manager will decide whether to accept this for future consideration or ask for more information.  Please note that Websense receives a high volume of feature requests, and as such Websense cannot include all of these requests in the next product release.  That said, the product team is constantly revisiting the list of requests to determine the features that have been most frequently requested, so that the highest priority features are addressed.

We look forward to your continued participation in the Websense community and welcome your active involvement in our product direction.

Thank you.

Susie

Reply

hello? replied on 22 Nov 2010 3:56 PM

rated by 0 users

Please add my company as requesting this feature request as well.

We would like to block by geo-location as well.

t

Reply

Yuting_W replied on 22 Nov 2010 7:12 PM

rated by 0 users

Hi t,

I tracked the FRs system and added your company into the same FRs subject. The status for this Feature Request is New currently.

Thank you for your patience.

Best regards

Reply

J Sloan replied on 23 Nov 2010 7:08

rated by 0 users

I'd personally like to see some sort of geolocation get added to the product.. but this would cause filtering to be delayed while we check the geolocation of every ip address against some database in the cloud.  Then we could have a list of every country and you can selectively check which ones you want to block. 

Reply

Yuting_W replied on 31 Mar 2011 6:40 PM

rated by 0 users

Hi all,

This request is now under consideration.

Reply

mwingrove replied on 13 Apr 2011 11:40

rated by 0 users

Why are we jumping through hoops with regex expressions? There should be TLD section in the Filter to simply check / uncheck TLD's (mostly countries), to allow or block. I find it baffling that this was not (is not) in the system to begin with!!!

Reply

glentc replied on 18 Apr 2011 6:13

rated by 0 users

Checkpoint firewalls do this, I can't see why other vendors can't offer geolocation to their products. From what I've seen with Checkpoint, they show the map of the world and you can simply block whole countries & regions with a single mouse click.

Reply

Ray Pesek replied on 1 Jan 2012 1:00 PM

rated by 0 users

Check Point uses this vendor for their service: http://software77.net/geo-ip/

Imperva is now offering a geo location blocking service as well but I don't know who they use. Now that IPv4 is almost completely allocated I wouldn't think it should be too hard to keep current.

Ray

Reply

CommBevh replied on 7 Feb 2012 2:51 PM

rated by 0 users

To use a regex to block a country in Websense.....to block say India

\.in/|\.in$

This will block India.  You can replace the IN with any country code. 

I have a new problem now.  We block India.  However, Linked in uses lnkd.in in their URLs so I'm trying to figure out how to keep India blocked but allow Linked In redirects.

Bev

Reply

Ray Pesek replied on 7 Feb 2012 3:21 PM

rated by 0 users

The problem is that blocks a country specific domain but does not block the country if they are using .com or similar. The URL redirect site of bit.ly uses the country specific domain for Libya.

The other problem is that while IP address registries tell you where the IP is registered, it does not tell you where it is used. We had a Class B at my last job and while it is registered at ARIN as Ohio, we used some Class C subnets in the UK, Dubai, Thailand, China and I'm sure a few more countries I don't remember any more.

It's better than nothing but certainly not comprehensive.

Ray