check from here

Yes, block it through the application policy.

Hi all, I fixed the problem.
In NGAF- Decryption, uncheck 'Exclude HSTS website', then in Application Control, add a policy to deny 'Facebook post', for example. After then, it can block the user to post and comment on the Facebook.

If you want to decrypt the website which already in the HSTS website list(you can download the excel file to see details in NGAF ), you must remember uncheck this "'Exclude HSTS website'".

As I checked in this post that you replied to all that you have already done with all the necessary checks and configuration but the problem still exists then well in that case either check with the license of the device if it allow such changes and if yes then I would recommend to open a TAC Case with sangfor team. They better know their products. Tech.Support@sangfor.com <Tech.Support@sangfor.com>;

Sometimes the product needs more maturity and it is only possible by R&D.

It is possible to block users from posting or commenting on Facebook while still allowing them to browse articles using a web filtering solution such as Sangfor. However, there are some limitations and challenges to this approach.

First, Facebook uses HTTPS encryption to protect user data, so you need to decrypt the traffic in order to apply web filtering policies. However, Facebook has implemented measures to prevent decryption of their traffic, including certificate pinning and HSTS. This means that even with a self-signed certificate installed on your Sangfor device, it may not be possible to decrypt all Facebook traffic.

Second, Facebook uses a variety of protocols for different features, including HTTP, HTTPS, and QUIC. Blocking one protocol may not be sufficient to prevent users from posting or commenting. In addition, blocking QUIC may have unintended consequences, as it is becoming increasingly popular and is used by other web services besides Facebook.

To effectively block posting and commenting on Facebook, you may need to use a combination of web filtering policies and user education. For example, you could create a web filtering policy that blocks certain URLs or keywords associated with posting and commenting, and combine it with user education to inform users of the policy and the reasons behind it.

Ultimately, the best approach will depend on your specific network environment and security requirements. It may be helpful to consult with a security expert or Sangfor support to determine the most effective strategy for your organization.

It is possible to block users from posting or leaving comments on Facebook while still allowing them to browse Facebook articles. However, this can be a bit tricky as Facebook uses HTTPS encryption, which can make it difficult to intercept and block specific traffic.

One approach you can try is to use a web filtering or application control solution that supports HTTPS decryption. This will allow you to intercept and inspect the HTTPS traffic to Facebook, and block any requests that are related to posting or commenting. You mentioned that you have already installed the Sangfor self-cert to decrypt HTTPS traffic, but have experienced some issues with it. You may want to check your certificate installation and configuration to ensure it is set up correctly.

Another approach you can try is to use a DNS-based filtering solution that blocks access to the domains used by Facebook for posting and commenting. This approach is less granular than HTTPS decryption, as it relies on blocking entire domains rather than specific traffic types. However, it can be easier to implement and manage.

Finally, you may want to consider implementing a policy that educates users on responsible Facebook usage, rather than simply blocking certain features. This can help promote a positive workplace culture and reduce the risk of users finding ways to circumvent your security controls.

1. Login to the NGAF web console and navigate to the "URL Filter" section.

2. Create a new custom URL category by clicking on the "Add" button and specifying a name for the category.

3. Add the URLs or domains that allow posting and commenting on Facebook to the custom URL category.

4. Create a new policy that blocks access to the custom URL category you just created.

Yes, it is possible to block a user from posting or leaving comments on Facebook while still allowing them to browse articles. This can be done through the use of Facebook's privacy and security settings.

To block a user from posting or leaving comments on Facebook, you can do the following:

Go to the user's profile page.
Click on the three dots on the right-hand side of the page and select "Block" from the drop-down menu.
Follow the prompts to block the user.
To allow browsing of Facebook articles, you can set your privacy and security settings to only allow access to articles and posts that are shared publicly. To do this, follow these steps:

Go to your Facebook settings.
Click on "Privacy" in the left-hand menu.
Under "Your Activity," select "Who can see your future posts?"
Set this to "Public" to allow anyone to view your posts and articles.
Under "How people can find and contact you," select "Who can send you friend requests?"
Set this to "Everyone" to allow anyone to send you friend requests.
Under "Timeline and Tagging," select "Who can see what others post on your timeline?"
Set this to "Public" to allow anyone to view posts made on your timeline.