Wireless Access


Permit Specific URL - Block Rest of Domain

I don't think this is possible, but figured double-check. For our IoT aruba role, we block access to all of our public websites (address space) as a method of discouraging students from registering their laptops, mac books, etc on the IoT network. This has worked well for 99% of the all devices, however, we've come across a streaming service that hosts a playlist file behind one of the pulic web servers - that Alexa needs access to. Is it possible to get more granular with the polices (url/dns level) to permit a specific URL - but block rest of the domain? Otherwise I'm envisioning only other way is a dedicated web server (single ip address) to host this one streaming file.

Guru Elite

Re: Permit Specific URL - Block Rest of Domain

You cannot block a URL.  You can only block the domain.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Guru Elite

Re: Permit Specific URL - Block Rest of Domain

Unfortunately no. The easiest way to solve this is blocking access to your single sign on portal which will deter student use.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Permit Specific URL - Block Rest of Domain

Thanks folks. :-) That's what I figured. It's actually meant for student use primarily. We primarily block email and learning websites (singled out) and have a blanket statement for anything else normally public. This coming year our clearpass admin will look into dropping them into limited roles with redirection - course that relies them on at least connecting to our secure network at least once and being profiled as a student 802.1x device.


Re: Permit Specific URL - Block Rest of Domain

Ah. Capalli, I immediately got what you meant by "single sign on" portal. Great idea!

Search Airheads
Showing results for 
Search instead for 
Did you mean: