Hello community,
I need to block the ability to surf cineblog01, an illegal film streaming platform which changes hostname every 10 days (cineblog01.voto, cineblog01.ink, cineblog01.cloud).
I can't block the entire streaming media category.
I'd like to do something like deny cineblog01.*
I think you might have a couple options.
1) Block streaming media. Then start whitelisting the known good services you want to allow.
2) Start doing research/packet captures on the data. Find out what port it is using, or maybe it uses a common CDN every day even though the domain is changing. Then block that URL.
3) If you have a small subset of users doing this, then you might create an alert or rule to block all internet after using 1GB of data on that service. Then coach the user or forward to their manager.
Should be possible as you said:
The asterisk symbol has two primary uses in URLs for content filtering.
https://documentation.meraki.com/MX/Content_Filtering_and_Threat_Protection/Content_Filtering
Thank you for your quick reply.
If I use only the asterisk it blocks everything, instead:
I'm afraid it's not possible to block it that way.
An asterisk is evaluated as a literal asterisk when in a URL.
I first thought you could just put cineblog01, but that's not going to work either.
You could block the "Entertainment and Arts" URL category, but then you'll be hitting a lot of other websites as well.
They don't happen to use a static IP range do they?
@wifijanitor I already tried your suggestion and it doesn't work.
In fact the line @MarcP quoted says: the " * " (asterisk) symbol when used on its own line is an all-inclusive wildcard which represents all possible entries.
@BrechtSchamp unfortunately not, they also change the IP range.
@SoCalRacer's #3 has some keys. In the past with clients, I identified the culprit machine, we identified users of that machine, and they handled it as a management matter.
Mgmt may want to turn this into solely a technical matter, but that leaves you responsible while letting mgmt not do the hard thing. Good luck.
What happens if you put just cineblog01 in the blocked URL patterns list?
@PhilipDAth wrote: What happens if you put just cineblog01 in the blocked URL patterns list?
If the docs are correct then it wouldn't match. It would try to match cineblog01.voto and failing that it would try to match .voto.
On the videos I checked they are all using the same CDN. So I would block that. Not sure if that will also change every day, but it is worth a shot. Also, it seems like the service won't work without authenticating; when doing that, it is doing it via the same primary domain (4kmovies.online). I would assume changing domains daily with DNS propagation and changing the location of the authentication service every day has to be time consuming. Also, the IP range they are currently using is 104.31.77.0-104.31.77.255 and located in Chicago behind Cloudflare. I thought maybe you could try a block from a country outside of yours, but it looks like that won't work.
cdn.4kmovies.online
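Added example, not part of any post in this thread and not Meraki's code: a small Python model of the matching behaviour the replies describe (exact comparison against the hostname with leading labels removed one at a time, then the catch-all `*`), run against constructed requests. It shows why `cineblog01.*` and a bare `cineblog01` block nothing, why `*` alone blocks everything, and why an entry for the CDN hostname is independent of which cineblog01 domain is in use. The candidate order and all function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample requests; the paths are made up for illustration.
REQUESTS = [
    "http://cineblog01.voto/",
    "http://cineblog01.ink/film/123",
    "http://cdn.4kmovies.online/stream/1.m3u8",
    "http://www.example.org/",
]

def candidates(url):
    """Yield the strings a request is compared against, most specific first.

    Assumed model of the behaviour described in the thread: host plus path,
    then the hostname with leading labels stripped one by one, then "*".
    """
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    path = parts.path.rstrip("/")
    if path:
        yield host + path
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])
    yield "*"  # only a "*" on its own line acts as a wildcard

def is_blocked(url, patterns):
    """True when a candidate equals a list entry exactly (no globbing)."""
    wanted = {p.strip().lower() for p in patterns}
    return any(c in wanted for c in candidates(url))

def blocked(patterns, requests=REQUESTS):
    """Hostnames of the sample requests that the pattern list would block."""
    return [urlsplit(r).hostname for r in requests if is_blocked(r, patterns)]

if __name__ == "__main__":
    for plist in (["cineblog01.*"], ["cineblog01"], ["*"],
                  ["cineblog01.voto"], ["cdn.4kmovies.online"]):
        print(plist, "->", blocked(plist))
```
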