Hi,
I would like some comments from the most experienced users about the best practice when blocking URL.
What I am trying to do is to block specific URL.
These URL may be part from 2 categories:
- Phishing sites (not yet categorized by CheckPoint)
- Normal web sites
What I have done as far:
Rule: Source-Any, Destination : Network Group Which includes destination objects (Domain, Host etc) , Action:Drop
The network group contains Domain objects (For example if I want to block http://blockme.com/jgsgjs/fjsh/ I create a domain object .blockme.com
In this way I block all the domain which sometimes is not good.
For example when I want to block the phishing URL: https://firebasestorage.googleapis.com/v0/b/kasyropnz.appspot.com/o/faswusamino.html
I have to block all the domain .firebasestorage.googleapis.com which is not acceptable.
Any suggestions about the best practice?