cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

URL Filtering for hosted services

Checkmates,

Can URLF work for websites/services published through Checkpoint ? For example, A web server hosted behind Checkpoint is published as abc.com on the internet. Can URLF policies be enforced on inbound traffic so that akamai, tor or any anonymizers can be blocked from accessing the hosted website. 

0 Kudos
4 Replies
Admin
Admin

Re: URL Filtering for hosted services

If you want to block traffic coming from TOR addresses, this doesn't require URL Filtering. See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I'm curious what the use case is for blocking traffic from Akamai IPs since they usually serve as a cache.
I guess if they use a particular User Agent to reach your site, you could create an Application Control signature to check for that and block on it.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Note this will require using HTTPS Inspection if the site is available via HTTPS.
0 Kudos
Highlighted

Re: URL Filtering for hosted services

Hi Dameon,
Thanks for your response. Akamai is just used as an example. We would want to block mainly anonymizers, TOR etc. We see many requests originating from servers trying to access content of the published site which we would like to block.

Not sure if creating one custom application signature would suffice because the site may be browsed from everywhere on the internet.
0 Kudos
Admin
Admin

Re: URL Filtering for hosted services

In that case, it's best to block by IP and not use App Control/URL Filtering.

The SK I referred to previously is a starting point, another possible approach is: http://opendbl.net/#checkpoint.html

0 Kudos
Wolfgang
Silver

Re: URL Filtering for hosted services

Mubarizuddin_Mo,

beside the recommendations of Dameon and following your original question.

Yes, URLF works too from external to internal webservers. It works in all directions.

We are using this to control access to some special URL-pathes on our webservers. To allow only special sources to special pathes.

Wolfgang

0 Kudos