seems no matter what I do the custom websites options seems not to work?

cfts_ea
cfts_ea Posts: 19  Freshman Member
First Comment Fifth Anniversary
edited April 2 in Security

I tried for a few days to get the custom Service working with absolutely zero success.

I am trying to block all access to this domain, period, as we are getting a lot of phishing and spam from this domain.

Sample URL, that im trying to block


Is it possible to advise how to get this working properly?

Device Information
System Name
CFTS-ATP-800
Serial Number
S232L09102880
MAC Address Range
FC:22:F4:E1:68:8B ~ FC:22:F4:E1:68:98
Firmware Version
V5.37(ABIQ.2) / 2024-01-20 02:14:39

All Replies

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    If the browser is not using a VPN or proxy you should be able to block it.

    Have you applied the Content Filter to a policy control rule? Have you tried the DNS Content Filter too?

    Block UDP 443 from LAN to WAN

  • cfts_ea
    cfts_ea Posts: 19  Freshman Member
    First Comment Fifth Anniversary

    Yes, to all except UDP 443, I need a little explanation on that, im not using a VPN.

  • PeterUK
    PeterUK Posts: 3,461  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited April 2

    QUIC uses UDP port 443 instead of TCP 443 the way Content Filter works for TCP 443 is by SNI in the clear but if a web site uses QUIC Content Filter can't work by blocking this it forces the browser to use TCP 443

    also run this in console

    debug content-filter https-domain-filter cache flush

  • cfts_ea
    cfts_ea Posts: 19  Freshman Member
    First Comment Fifth Anniversary

    Thanks, done as suggested, still not working, Tomorrow I make some system wide rules and see if I can pin down whats going on.

  • cfts_ea
    cfts_ea Posts: 19  Freshman Member
    First Comment Fifth Anniversary

    OK did a system wide test, it seems the custom rules do not work, the content filter profile is working just fine, its the custom side that is not!

  • electsystech
    electsystech Posts: 47  Freshman Member
    First Answer First Comment Friend Collector Fifth Anniversary

    Try adding *cloudflare-ipfs.com to the forbidden websites.

Security Highlight