Blocking IP only pages ONLY when certain conditions applied

[Rohit]

Hello All,

I am trying to block IP only hosts through WEB FILTER, ONLY when certain conditions met (i.e. traffic is coming from certain host and on certain ports). I cannot use option "Block pages from IP only hosts" on Advance tab as it will block ALL IP only host.

I tried to utilized Rules option and used following conditions with various regular expressions but nothing helped:

HTTP:Hostname =

\b(?: (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b

HTTP:Hostname =

((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9])

HTTP:Hostname =

\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}

HTTP:Hostname =

([0–9]{1,3}[\.]){3}[0–9]{1,3}

HTTP:Hostname =

^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$

Can you please explain if it is possible to block IP Only hosts via Rules, if yes, what I am missing?

Thanks in advance.

[Jim.Alles]

...to Untangle and the forums!

I can't answer your question.

I have some advice. NGFW generally doesn't use pure regex. But the rules are one thing.

A powerful NGFW facility that you need to explore is Policies. (formerly known as racks)

The Webfilter [IP numbers only] filter is a simple checkbox.

The key is that you can have more than one instance of the WebFilter app.

Set up a policy for the desired hosts, at least, and mebbe the ports. I am not well-versed in that area.
/admin/index.do#service/policy-manager/policies

https://wiki.untangle.com/index.php/Policy_Manager#Policies

[Rohit]

Jim thanks for the advise, I know, I have a very unique requirement and so far I have not found any workaround to work it out. I tried to explore Policies already but so far I was not able to find a way.

[Sam Graf]

I'm guessing Jim has a layered approach in mind for Policy Manager, since policies can be nested/have parents.

In any case, rule conditions are complex and use different matchers or types (e.g., boolean). It's almost certain (if I'm following at all what you're trying to do) that you'll need multiple conditions in a rule for this reason. For instance, port numbers, hostnames, and IP addresses are evaluated differently.

And then there's picking the right app for the job, one that supports the necessary rule conditions. My instinct is that the Firewall app might be a more natural tool for this job, but I could be wrong.

I do hope you can make it work!