Block most websites and allow only a few

This note demonstrates how to use URL Filter to block most websites for some hosts and allow only a few, while other LAN clients can access the Internet without restriction. This application is ideal for organizations such as libraries that provide computers in their lobby so visitors can search for resources and services on the organization's websites, but do not want visitors to use those computers for anything else.

1. Create Keyword Object for the company's homepage: Go to Objects Setting >> Keyword Object, click on an Index number to edit.

  1. Enter the Profile Name.
  2. In Contents, enter the keyword from the URL of the website you would like to pass.
  3. Click OK to save.

2. Similarly, create another Keyword Object for Google services.

3. Create a URL Filter to pass websites whose URL contains the keyword: Go to CSM >> URL Content Filter Profile, click on a profile Index to edit.

  1. Enter Profile Name.
  2. Set Priority to "Either: URL Access Control First"
  3. Enable URL Access Control
  4. Set URL Access Control Action to "Pass"
  5. Click Edit and, in the pop-up window, select the Keyword Objects of the URL you would like to pass.
  6. Click OK to save the profile. 

4. Create a DNS Filter profile to filter HTTPS websites: Go to CSM >> DNS Filter Profile, click on a profile number to edit.

  1. Enter Profile Name.
  2. Set UCF (URL Content Filter) to the profile created in Step 3.
  3. Click OK to save.

5. Apply the URL Filter to Firewall Filter Rule: Go to Firewall >> Filter Setup >> Data Filter Set (Set 2), click on a Filter Rule Index to edit.

  1. Enable this Filter Rule
  2. Set Direction to "LAN/RT/VPN->WAN."
  3. (optional) Edit Source IP if you'd like to apply this rule to a specific IP range only.
  4. Set Filter Action to "Pass Immediately"
  5. Set URL Content Filter to the profile created in Step 3
  6. Click OK to apply

6. After the above configuration, the router will block most websites.

However, websites whose URL contains one of the specified keywords are still available.

1. Create an IP Object for the IP addresses in the lobby. Go to Objects Setting >> IP Object, click Add to create a new profile.

  1. Enter the Profile Name.
  2. Select Address Type as "Range"
  3. Enter Start IP Address and End IP Address as the IP address range for the devices in the lobby.
  4. Click Apply to save.

2. Create a Keyword Object for the URL to pass. Go to Objects Setting >> Keyword Object. Click Add to create a new one.

  1. Enter the Profile Name.
  2. Click Add to add a new keyword.
  3. In the Member Table, enter the keyword of the URL that is allowed to pass.
  4. Click Apply to save. 

3. Set an IP Filter to block all pages if the packet is from one of the lobby's IP addresses. Go to Firewall >> Filter Setup >> IP Filter, click Add to create a new Group. Enter the Group's name and click Apply to save.

4. In the Group created in the previous step, add a new profile:

  1. Enter the Profile Name.
  2. Enable this profile.
  3. For Action, select "Block If No Further Match".
  4. For the Source IP Object, select the IP Object we set for the lobby's IP addresses.
  5. Click Apply to save.

5. Set a URL/Web Category Filter to allow access to a specific website. Go to Firewall >> Filter Setup >> URL/Web Category Filter, click Add to create a new profile.

  1. Enter the Profile Name.
  2. Enable this profile.
  3. For Source IP, select the IP Object we set for the lobby's IP addresses.
  4. At Action Policy >> Keyword Accept, select the Keyword Object we set for the URL to pass.
  5. Click Apply to save.

Verifying the Setup

With this configuration, LAN clients whose IP address is in the range 192.168.1.10 to 192.168.1.20, which should be the computers in the lobby, can connect normally when they access a website whose URL contains the keyword.

But when they try to access other pages, an error message will appear.

On the other hand, LAN clients whose IP address is not in the range 192.168.1.10 to 192.168.1.20 will be able to access the Internet without restriction.
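Because the pass rule is "URL contains the keyword", a short keyword can admit more sites than intended. The script below is an added example, not part of the original article or the router's own logic: it models the expected verdicts from this section and lists sample URLs that a candidate keyword would let through although their host is not one you meant to allow. It assumes a case-insensitive substring match; the host names, keywords and URLs are constructed test data.

```python
import ipaddress
from urllib.parse import urlsplit

# Lobby range from "Verifying the Setup"; everything else below is constructed test data.
LOBBY_FIRST = ipaddress.ip_address("192.168.1.10")
LOBBY_LAST = ipaddress.ip_address("192.168.1.20")


def is_lobby(src_ip):
    """True if the client falls inside the restricted lobby range (inclusive)."""
    return LOBBY_FIRST <= ipaddress.ip_address(src_ip) <= LOBBY_LAST


def decide(src_ip, url, keywords):
    """Expected verdict for one request.

    Assumption: "URL contains the keyword" is a case-insensitive substring match.
    """
    if not is_lobby(src_ip):
        return "pass"  # other LAN clients are unrestricted
    url = url.lower()
    return "pass" if any(k.lower() in url for k in keywords) else "block"


def unintended_passes(keywords, intended_hosts, urls, src_ip="192.168.1.10"):
    """URLs a lobby client could open although their host is not on the intended list."""
    extra = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        wanted = any(host == h or host.endswith("." + h) for h in intended_hosts)
        if decide(src_ip, url, keywords) == "pass" and not wanted:
            extra.append(url)
    return extra


# Constructed sample data (hypothetical library site and unrelated sites).
INTENDED = ["citylibrary.example.org"]
SAMPLE_URLS = [
    "http://citylibrary.example.org/catalog",
    "http://www.citylibrary.example.org/opening-hours",
    "http://libre-games.example.net/",
    "http://news.example.com/",
]

if __name__ == "__main__":
    for kw in (["lib"], ["citylibrary.example.org"]):
        print(kw, "->", unintended_passes(kw, INTENDED, SAMPLE_URLS) or "no unintended matches")
```

Run it with your own keyword candidates and a list of URLs before entering the keywords in the Keyword Object, and prefer the keyword that returns an empty list.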

Published On: 2017-10-03 
