URL Block List and Allow List Patterns
This article covers the Content Filtering feature of the Cisco Meraki MX Security Appliance. The feature controls the type of content that can be reached on the Internet, which is key when an administrator wants to limit the type of content clients can reach.
Operation:
Cisco Meraki MX Security Appliances integrate with BrightCloud website reputation categories to group certain types of websites. When a user sends an HTTP request out to a website, the traffic will pass through the MX. The MX will try to match the URL against allow listed or blocked URL rules and then against blocked categories. If there is a match, the MX will apply the matching rule to the client (that is, forward the traffic out or send a block redirect page to the client).
Category blocking will block all the websites that contain that type of content. URL blocking will block the URL specifically, ranging from the website as a whole to specific parts of a website. More information on this can be found in the MX Content Filtering documentation.
Example Configuration:
In the above example, any content that relates to Government will be blocked because the Government category is selected. There is also an allow listed URL patterns entry. Allow listed URLs are matched first, so they will be permitted before the category block can apply to them. In this case, when a client sends a request matching the URL "whitehouse.gov/blog", the request will be forwarded out, allowing the user to reach that website even though the Government category is blocked.
Although the URL "whitehouse.gov/blog" can be reached, the client will only be able to reach that URL. If the user tries to reach any other portion of the site that does not begin with that URL, they will be blocked. When very specific URLs are blocked (i.e. more specific than whitehouse.gov), it is advised to test the ability to reach the website. Other portions of that website may be stored in other areas of the web server, which will cause the page to appear broken.
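The following added example (not Meraki code) models the behaviour described above so a policy can be checked before rollout: allow list patterns are evaluated first as URL prefixes, then blocked categories. The category table, the "www." normalization, and the page resource URLs are assumptions constructed for illustration; it covers only allow list patterns and category blocks.

```python
from urllib.parse import urlsplit

# Constructed policy mirroring the article's example configuration.
ALLOW_PATTERNS = ["whitehouse.gov/blog"]
BLOCKED_CATEGORIES = {"Government"}

# Assumption: a static stand-in for the appliance's category lookup.
CATEGORY_BY_HOST = {"whitehouse.gov": "Government"}


def normalize(url):
    """Return (host, host + path); scheme, port and a leading 'www.' are
    dropped (an assumption of this model)."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host, host + parts.path


def decide(url):
    """Allow list patterns are checked first, then blocked categories."""
    host, target = normalize(url)
    for pattern in ALLOW_PATTERNS:
        if target.startswith(pattern):
            return "allow", "allow list pattern " + pattern
    category = CATEGORY_BY_HOST.get(host)
    if category in BLOCKED_CATEGORIES:
        return "block", "category " + category
    return "allow", "no matching rule"


def blocked_resources(urls):
    """URLs a page loads that the policy would still block."""
    return [u for u in urls if decide(u)[0] == "block"]


# Constructed sample: resources one allow listed blog page might request.
PAGE_RESOURCES = [
    "https://www.whitehouse.gov/blog/2015/example-post",
    "https://www.whitehouse.gov/sites/default/files/style.css",
    "https://www.whitehouse.gov/images/logo.png",
    "https://cdn.example.test/lib.js",
]

if __name__ == "__main__":
    for url in PAGE_RESOURCES:
        print(decide(url), url)
    print("blocked:", blocked_resources(PAGE_RESOURCES))
```

The stylesheet and image sit outside the allow listed prefix, so they fall through to the Government category block, which is the broken-page case the article advises testing for.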