https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51993#M12750 <P><SPAN>Mubarizuddin_Mo,</SPAN></P><P>beside the recommendations of Dameon and following your original question.</P><P>Yes, URLF works too from external to internal webservers. It works in all directions.</P><P>We are using this to control access to some special URL-pathes on our webservers. To allow only special sources to special pathes.</P><P>Wolfgang</P> Fri, 26 Apr 2019 18:53:15 GMT Wolfgang 2019-04-26T18:53:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51734#M12746 <P>Checkmates,</P><P>Can URLF work for websites/services published through Checkpoint ? For example, A web server hosted behind Checkpoint is published as abc.com on the internet. Can URLF policies be enforced on inbound traffic so that akamai, tor or any anonymizers can be blocked from accessing the hosted website.&nbsp;</P> Wed, 24 Apr 2019 16:06:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51734#M12746 Moe_89 2019-04-24T16:06:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51739#M12747 If you want to block traffic coming from TOR addresses, this doesn't require URL Filtering. See: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103154" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103154</A><BR />I'm curious what the use case is for blocking traffic from Akamai IPs since they usually serve as a cache.<BR />I guess if they use a particular User Agent to reach your site, you could create an Application Control signature to check for that and block on it.<BR />See: <A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103051" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk103051</A><BR />Note this will require using HTTPS Inspection if the site is available via HTTPS. Wed, 24 Apr 2019 16:17:06 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51739#M12747 PhoneBoy 2019-04-24T16:17:06Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51745#M12748 Hi Dameon,<BR />Thanks for your response. Akamai is just used as an example. We would want to block mainly anonymizers, TOR etc. We see many requests originating from servers trying to access content of the published site which we would like to block.<BR /><BR />Not sure if creating one custom application signature would suffice because the site may be browsed from everywhere on the internet. Wed, 24 Apr 2019 16:51:53 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51745#M12748 Moe_89 2019-04-24T16:51:53Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51982#M12749 <P>In that case, it's best to block by IP and not use App Control/URL Filtering.</P> <P>The SK I referred to previously is a starting point, another possible approach is:&nbsp;<A href="http://opendbl.net/#checkpoint.html" target="_blank">http://opendbl.net/#checkpoint.html</A></P> Fri, 26 Apr 2019 17:13:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51982#M12749 PhoneBoy 2019-04-26T17:13:15Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51993#M12750 <P><SPAN>Mubarizuddin_Mo,</SPAN></P><P>beside the recommendations of Dameon and following your original question.</P><P>Yes, URLF works too from external to internal webservers. It works in all directions.</P><P>We are using this to control access to some special URL-pathes on our webservers. To allow only special sources to special pathes.</P><P>Wolfgang</P> Fri, 26 Apr 2019 18:53:15 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/URL-Filtering-for-hosted-services/m-p/51993#M12750 Wolfgang 2019-04-26T18:53:15Z