Blocking Sub-Domain Access in BorderManager



By: phxazcraig

September 26, 2007 4:02 am

Reads: 215

Comments:0

Rating:0

Problem

A Forum reader recently asked:

“I been observing that sub-domains can be accessed when the main domain is blocked. For example, content.movies.myspace.com can be access when www.myspace.com is in the ACL list as blocked. Can wildcards be used like when filtering file extensions? Will *.myspace.com work as a filter?”

And here’s the response from Craig Johnson …

Solution

Yes, wildcards can, and should, be used in access rules. It is typical to have entries like these:

*.domain.com
*.domain.com/*

(These would both be in the same rule, though you would think the second rule would cover all bases).

Note that you can’t use a https rule – it will be ignored. You can, however, use a port 443 rule blocking a domain, and some people here have reported success with a rule like www.domain.com:443/*.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Tags:
Categories: BorderManager, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Comment