https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192282#M32220 <P>For Threat Prevention, you have the ability to create <A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/Topics-TPG/SNORT-Signature-Support.htm" target="_self">Snort Signatures</A>.</P> Mon, 11 Sep 2023 18:07:56 GMT PhoneBoy 2023-09-11T18:07:56Z https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192019#M32168 <P>Hi all,</P><P>we have some Microsoft packets coming form MS ISP IP addresses on HTTPS.<BR />Those packets are originated by MS services for authentication purposes.<BR />They are proxied through our firewall and forwarded to our onpremise federated auth infrastructure in dmz.</P><P>We receive both legitimate auth requests and brute force attacks.<BR />The source IP addresses are ever trusted MS IPs and can not be filtered or dropped.<BR /><BR />We would know if there is a way to enable https inspection inbound , parsing the content (the IP addreess inside the message) based on a list of IPs that we knows as malicius and we collect in other ways end finally prevent the packet from reaching the auth infrastructure</P><P><BR />Only the checkpoint IPS&nbsp; IPs reputation&nbsp; may be not enough for us</P><P>(for now Microsoft says there is no ways for them to block those request......)</P><P>Many thanks <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>Rui</P> Fri, 08 Sep 2023 09:21:30 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192019#M32168 RuiCosta 2023-09-08T09:21:30Z https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192090#M32180 <P>How precisely is the IP encoded in the traffic?<BR />If it's not in an IP or an HTTP header, it'll probably require an RFE.</P> Sat, 09 Sep 2023 02:25:21 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192090#M32180 PhoneBoy 2023-09-09T02:25:21Z https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192154#M32192 <P>Hi, tks for your answer. Unfortunately inside the body message.&nbsp;<BR />I suppose that a way must exist maybe in another blade like AV.<BR /><BR /></P> Mon, 11 Sep 2023 07:36:33 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192154#M32192 RuiCosta 2023-09-11T07:36:33Z https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192282#M32220 <P>For Threat Prevention, you have the ability to create <A href="https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_ThreatPrevention_AdminGuide/Topics-TPG/SNORT-Signature-Support.htm" target="_self">Snort Signatures</A>.</P> Mon, 11 Sep 2023 18:07:56 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192282#M32220 PhoneBoy 2023-09-11T18:07:56Z https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192733#M32272 <P>Hi. Many thanks, I will check this feature (for me) unknown <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span>&nbsp;<BR /><SPAN>Bye</SPAN></P> Fri, 15 Sep 2023 08:10:55 GMT https://community.checkpoint.com/t5/General-Topics/HTTP-Inspection-with-personalized-content-filter/m-p/192733#M32272 RuiCosta 2023-09-15T08:10:55Z