Question about blocking http post to a specific URL

  • Question about blocking http post to a specific URL

    I have an app installed that, upon launch, is phoning home and posting data to a specific URL. While I could block the IP or the DNS name, this would prohibit access to the site entirely, which I would like to avoid. I have a grandfathered Home license and was wondering which app in NGFW I might accomplish this in.

    As an example:

    Is it possible to block traffic to the site www.somenaughtysite.com where the URL contains */data/* but still allow access to the base site URL? If so, what app/rule needs to be created?

    Apologies if this is the incorrect forum area. Please feel free to move as needed.

    Regards,

    Tony

  • #2
    Web Filter is the only app that explicitly blocks websites based on URL, so most of your work goes there. However, you also need to be using SSL Inspector and inspecting the site in question; without SSL Inspector, Web Filter can only see the 'main' part of the URL. To extend your example, Web Filter only sees www.somenaughtysite.com, regardless of what else is in the address bar. Everything after the .com/ part of the URL is called URI and can't be seen without SSL Inspector.

    So, when using SSL Inspector, we get to see (and act upon) the URI portion of the URL. This gives us the ability to create a Web Filter Block Site rule for *somenaughtysite.com/data/*. Without another rule in place instructing Web Filter to block the base URL, it won't.

    Thus, your tasks:
    1. Get SSL Inspector working
    2. Ensure SSL Inspector is inspecting the site(s) in question
    3. In Web Filter > Block Sites, create your rule(s) to block specific areas of the site
    This may have unintended consequences, however, depending on the structure of the site. For example, if some script that's necessary to the site's login process is stored in .com/data/, then that script would be blocked from running. If the site stores its images in /data/, no images will load.
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    Please don't reboot your NGFW.
    How can we make Arista ETM products better?
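
    An added illustration of the answer above (not part of the original posts and not the NGFW's own matching code): a small Python model of what a URL filter can match with and without TLS inspection. It assumes glob-style rule matching via `fnmatchcase`; the function names and sample URLs are constructed for this example.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed rule mirroring the Block Sites pattern from the answer above.
BLOCK_RULES = ["*somenaughtysite.com/data/*"]


def visible_to_filter(url: str, tls_inspected: bool) -> str:
    """Return the part of a request a URL filter can match against.

    For HTTPS without inspection only the hostname is visible; the path
    and query travel inside the encrypted session. Plain HTTP is
    unencrypted, so the full URL is visible either way.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and not tls_inspected:
        return host
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{host}{path}{query}"


def is_blocked(url: str, tls_inspected: bool, rules=BLOCK_RULES) -> bool:
    """Glob-match the visible string against each rule (assumed semantics)."""
    seen = visible_to_filter(url, tls_inspected)
    return any(fnmatchcase(seen, rule) for rule in rules)


# Constructed sample requests for the hypothetical site in the thread.
SAMPLES = [
    "https://www.somenaughtysite.com/",               # base site, should load
    "https://www.somenaughtysite.com/data/upload",    # the phone-home POST
    "https://www.somenaughtysite.com/data/login.js",  # side effect noted above
    "https://www.somenaughtysite.com/database/",      # similar path, not /data/
]


def report():
    """Return (url, blocked_without_inspection, blocked_with_inspection)."""
    return [(u, is_blocked(u, False), is_blocked(u, True)) for u in SAMPLES]


if __name__ == "__main__":
    for url, plain, inspected in report():
        print(f"{url:48} no-inspection={plain!s:5} inspected={inspected}")
```

    Running it shows the rule never fires without inspection, and that with inspection it blocks everything under /data/, including the login script case the answer warns about.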



    • #3
      Originally posted by gravenscroft
      Thus, your tasks:
      1. Get SSL Inspector working
      2. Ensure SSL Inspector is inspecting the site(s) in question
      3. In Web Filter > Block Sites, create your rule(s) to block specific areas of the site
      This may have unintended consequences, however, depending on the structure of the site. For example, if some script that's necessary to the site's login process is stored in .com/data/, then that script would be blocked from running. If the site stores its images in /data/, no images will load.
      Kudos, sir. Very clear & concise instructions. It worked like a charm! I am an IT support guy for a living and can personally attest to how unclear people tend to be at times, so again, I say cheers for the exacting steps in your answer.

      Random side note: I was dabbling in the adblocker last night and had a leftover rule where I was attempting to block. Once I enabled SSL inspection, that rule started working... LOL! I went ahead and removed it and created a counterpart in the Web Filter for consistency's sake, but I thought you might see a bit of humor in knowing that.

      Regards,

      Tony



      • #4
        That's very kind of you to say! I appreciate your compliments. I'm the de facto owner of our documentation, so it's nice to hear that it's probably working correctly.
        Græme Ravenscroft • Technical Marketing Engineer
        ('gram', like the unit of measurement)
        he/him