SOTI Pulse Logo

Whitelist an url with random parameter value or an entire domain - SOLVED

Solved
SB
Stephane BRICLOT

Dear all,

For an android profile, I try to configure web filter to allow only one web app made of (normally) 3 pages on a device, and I have a problem because of an intermediate dummy page with a random parameter value.

For now, my web filter blocks everything using "*", then I allowed the following pages :

  • external.lg.com (domain base, not working at all without this line)
  • external.lg.com/my.policy (login screen)
  • external.lg.com/export_view (app page)
  • external.lg.com/import_view (app page)

The problem is that, between login and app page, I have a hidden page called with the following URL :

external.lg.com/vdesk/c_ses.php?orig_uri=[random]

This page is supposed to redirect me to the app page, but it's blocked by the web filter policies.

After this page was blocked, I can open a new tab and sleect directly my app page in the shortcuts and the page is opened cause the authentication was completed successfully.

Is there any way to avoid this blocked dummy page each time I connect to the app ?

I already tried to set the domain name with a trailing *, not working. I don't know if there's another special character i can use here to allowed an entire domain with only 1 line.

Many thanks for your help.

2 years ago
SOTI MobiControl
ANSWERS
SB
Stephane BRICLOT
a year ago

Hi all,

The problem was finally fixed thanks to the support team.

Below is their answer, this syntax works fine for me.

In order to whitelist a website, such as "https://www.google.com," it is only necessary to enter the domain name in the web filter configuration.
In this particular example, the domain to be entered is "google.com," omitting the "https://www" portion.

Hope this can help more people.

Solution
RS
Rafael Schäfer
2 years ago

Did you try to add https:// (or http://) in front of the url?
Even i never used that functionality yet i would assume to whitelist entire domain you have to add https://external.lg.com (or http://external.lg.com) as an allowed item to the list.

SB
Stephane BRICLOT
2 years ago

Hello Rafael,

Thank you for your reply.

I already added https to every entry in my web filter, including the root path of my domain.

Here is my exact current setup (just domain name and port are fake, changed for the picture) :

RS
Rafael Schäfer
2 years ago

Interesting is what the help says: 
"You cannot apply both a blacklist and a whitelist within the same profile configuration."

Did you try to seperate? I think this "note" could be obsolete but worth to try because for me it looks fine.

Also ensure that the website you were talking about is really using https and not http when you do your testing.

And regarding following 
"A whitelist is more restrictive than a blacklist. The device user can only access the sites specified on the whitelist."
it sounds like you may only need the whitelisting because all the rest is blocked automatically then.

But as already said, not used yet from us (only Blacklist).

SB
Stephane BRICLOT
2 years ago

I don't remember where I found the solution of adding a global blacklist before creating my whitelist, but if I remove the blacklist, I have no more restriction, I can open any website on my device.

The target website uses https connection, I'm sure about this point.

RS
Rafael Schäfer
2 years ago

So, if you have only a whitelist, every website is able to visit?
This would mean the whitelist won't make sense and i can't really believe.

Otherwise try to seperate those.

SB
Stephane BRICLOT
2 years ago

I made miself the same reflection, why do I need to blacklist everything before whitelist urls I need, if I create a whitelist, that means to everything else has to be blocked.

But no other solution, I tried again and if I remove my blacklist, every website is accessible.

There's the same method explain in this topic too : https://discussions.soti.net/thread/block-entire-web-domain

But anyway, that doesn't explain my issue, and seems there's no solution.

I will try to manage the case with SotiSurf.

A
AMMOD@SOTI
a year ago

Hi Stephane,

Thanks for posting on SOTI Pulse, Thanks Rafael for responding to the post, your expertise and willingness to help are greatly appreciated!

Have you had a chance to raise a support ticket, did it resolve your query?

If not, or if you have any other issues or queries, please don't hesitate to reach out.

We're dedicated to providing assistance and support.

Kind regards,

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

SB
Stephane BRICLOT
a year ago

Hello,

Thank you for your proposal, I've just created a support ticket.

Best regards,

Stéphane

Similar Discussions