Web Filter is the only app that explicitly blocks websites based on URL, so most of your work goes there. However, you also need to be using SSL Inspector and inspecting the site in question; without SSL Inspector, Web Filter can only see the 'main' part of the URL. To extend your example, Web Filter only sees www.somenaughtysite.com, regardless of what else is in the address bar. Everything after the .com/ part of the URL is called URI and can't be seen without SSL Inspector.

So, when using SSL Inspector, we get to see (and act upon) the URI portion of the URL. This gives us the ability to create a Web Filter Block Site rule for *somenaughtysite.com/data/*. Without another rule in place instructing Web Filter to block the base URL, it won't.

Thus, your tasks:

1. Get SSL Inspector working
2. Ensure SSL Inspector is inspecting the site(s) in question
3. In Web Filter > Block Sites, create your rule(s) to block specific areas of the site

This may have unintended consequences, however, depending on the structure of the site. For example, if some script that's necessary to the site's login process is stored in .com/data/, then that script would be blocked from running. If the site stores its images in /data/, no images will load.

Cudos, sir. Very clear & concise instructions. It worked like a charm! I am an IT support guy for a living and can personally attest to how unclear people tend to be at times, so again, I say cheers for the exacting steps in your answer.

Random side note: I was dabbling in the adblocker last night and had a leftover rule where I was attempting to block. Once I enabled SSL inspection, that rule started working... LOL! I went ahead and removed it and created a counterpart in the Web Filter for consistency's sake, but I thought you might see a bit of humor in knowing that.

Regards,

Tony

That's very kind of you to say! I appreciate your compliments. I'm the de facto owner of our documentation, so it's nice to hear that it's probably working correctly.