Blocking Spamhaus Top 10 most abused Top level domains

andrew.schiro
Level 1

I've created a test rule to block the .study, .accountant, .party, .click, .top, .life, .yokohama, .ml TLDs.

I first created URL objects and then put them in the group TLD_Top10_abused.

Created a test policy under users with only me with block with reset. 

For some reason it doesn't seem to work.  When I created the URL objects I named them "irl.study" then put ".study" as the URL.  Is there a trick to blocking TLDs?

1 Accepted Solution

Have you tried or heard about OpenDNS? If not, please check it out.  OpenDNS can block all Top-Level Domains (TLDs) except .com. Entering a TLD such as net, cn, ru, and so on, will block all sub-domains that end with that TLD name.

See https://support.opendns.com/entries/26514730-Web-Content-Filtering-and-Security 

"there are limits on how many entries can be added to 'always block' list. In my case it is 25."

With OpenDNS VIP it is 50.

"you can not establish a whitelist of countries that you want to allow and blacklist all others"

You can - easily!  You go for OpenDNS VIP, enable the whitelist-only mode, and add the few TLDs you want to allow to the whitelist.  50 should be sufficient, right?

"If it is not possible to automatically detect language then don't."

OpenDNS has nothing to do with websites and their languages.  A DNS service deals with domain names only.

Also check Cisco Umbrella, which is the new name for OpenDNS.

I can arrange a demo if you want to know more about Umbrella.

#Please rate if it helps.

4 Replies

Farhan Mohamed
Cisco Employee

If you are using Exchange Server 2010, follow the process below:

The specific TLDs I am blocking at present are as follows:

.bar, .bid, .br, .cf, .click, .club, .cn, .cr, .cricket, .date, .eu, .faith, .fr, .ga, .gdn, .gg, .in, .link, .lol, .ml, .ninja, .party, .pw, .racing, .rocks, .rs, .ru, .science, .space, .stream, .tk, .top, .tr, .trade, .us, .wang, .webcam, .website, .win, .work, .xxx, .xyz

I have accomplished this through the use of Sender Filtering (Exchange Management Console -> <OU> -> Organization Configuration -> Anti-spam -> Sender Filtering) and adding each TLD to the Blocked Senders list as a "Domain (include all subdomains)", as opposed to as an "Individual e-mail address" (sic).

#Rate if it helps

Farhan,

While this will block spam from entering our accounts from these Top Level Domains, I want to block all traffic in FireSIGHT to and from these TLDs.  No legitimate traffic should be occurring from these domains.

For instance, if I try to block t.co (Twitter links) it blocks anything ending with "t" in the domain name and part of the .com TLD.

There seems to be a bit of unintentional wildcarding going on in the processing of URLs, which is why I want a method of blocking TLDs, not just domains.
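
The over-matching described in this reply, as an added example that is not part of the original thread or any Cisco code: it compares a plain substring test (an assumed model of the behaviour the poster observed, not a documented FirePOWER algorithm) with matching anchored on DNS label boundaries. The function names and sample URLs are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

# TLDs named in the original post.
BLOCKED_TLDS = {"study", "accountant", "party", "click", "top", "life", "yokohama", "ml"}


def substring_match(url: str, pattern: str) -> bool:
    """Assumed model of the observed behaviour: hit if the pattern
    appears anywhere in the URL string."""
    return pattern.lower() in url.lower()


def hostname_of(url: str) -> str:
    """Lower-cased hostname without port, userinfo or trailing dot."""
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host/path as a netloc
    return (urlsplit(url).hostname or "").rstrip(".")


def tld_blocked(url: str, blocked=BLOCKED_TLDS) -> bool:
    """Block only when the right-most DNS label is in the blocked set."""
    host = hostname_of(url)
    return "." in host and host.rsplit(".", 1)[1] in blocked


def domain_blocked(url: str, domain: str) -> bool:
    """Block a domain and its subdomains, anchored on a label boundary."""
    host = hostname_of(url)
    domain = domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)


if __name__ == "__main__":
    # Constructed sample URLs.
    samples = [
        "https://t.co/abc",                    # intended target
        "https://www.microsoft.com/",          # contains "t.co" as a substring
        "https://nott.co/",                    # ends with "t.co", different domain
        "http://irl.study/",                   # blocked TLD
        "https://example.com/case.study.pdf",  # ".study" only in the path
        "HTTP://Login.Example.TOP.:8080/a",    # case, trailing dot, port
    ]
    for u in samples:
        print(f"{u:40} substr(t.co)={substring_match(u, 't.co')!s:5} "
              f"domain(t.co)={domain_blocked(u, 't.co')!s:5} "
              f"substr(.study)={substring_match(u, '.study')!s:5} "
              f"tld={tld_blocked(u)}")
```

Whatever product enforces the block, running a list like this through the policy (known-good hosts that merely contain the pattern, plus the real targets) is a quick check for collateral blocking before the rule goes live.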

Just to be clear, Farhan, you're saying FirePower doesn't have a way to block TLDs? We are trying the same thing here and I have not been able to get it working.
