This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
D_W
Advisor
‎2022-12-19 07:21 AM
Jump to solution

Allow URL Path

Hi Mates,

is it possible to allow an URL like https://s3.sbg.perf.cloud.ovh.net/only_this_folder_and_everything_behind/* ?

I tried it already with a custom Application/Site but maybe i use the wrong syntax.

If it is possible how and also without https inspection?

 

Thx
David

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-12-19 09:31 AM
Jump to solution

It is impossible to allow that sort of access without HTTPS Inspection enabled.

View solution in original post

11 Replies
PhoneBoy
Admin
Admin
‎2022-12-19 09:31 AM
Jump to solution

It is impossible to allow that sort of access without HTTPS Inspection enabled.

the_rock
MVP Diamond
MVP Diamond
‎2022-12-20 07:54 AM
Jump to solution

Technically, yes, you could allow it even without https inspection enabled. That blade is never needed to add custom app site, as long as you have URLF blade enabled in the gateway, works fine. Inspection is more if you want firewall to intercept the traffic and "insert" its own cert that would get presented when pages are blocked and it makes sense to have it, since probably 99% of sites now days are indeed https.

I made this work in R81.10 and R81.20 lab just fine without https inspection on. Happy to do remote if you need help.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2022-12-20 06:13 PM
In response to the_rock
Jump to solution

There’s a difference between:

The latter definitely requires HTTPS Inspection.
You can do the former with just HTTPS Categorization.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-12-20 06:27 PM
In response to PhoneBoy
Jump to solution

Correct, but I made it work for all those scenarios in my lab even without inspection on. Obviously, you will never get block page without https inspection enabled.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
D_W
Advisor
‎2022-12-21 12:30 AM
In response to the_rock
Jump to solution

Can you share your solution without https inspection?

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-12-21 05:50 AM
In response to the_rock
Jump to solution

How did you achieve allowing access to https://www.example.com/my_secret_url and blocking all other access to https://www.example.com without https inspection ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-12-21 05:51 AM
In response to G_W_Albrecht
Jump to solution

Well, by spending many hours on it until I finally got it.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-12-21 05:53 AM
In response to the_rock
Jump to solution

This does not answer my question at all. If you found a solution without https inspection you will get famous here, so why not disclose it ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-12-21 05:55 AM
In response to G_W_Albrecht
Jump to solution

I dont care about being famous mate, not my motto in life, never been, haha. I wont disclose it, because Im 100% sure its totally unsupported anyway, I just wanted to prove to myself that it can work, which it did.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2022-12-21 06:08 AM
In response to the_rock
Jump to solution

Honestly - I get a bad feeling when people tell me: Just send me a message privately and i will disclose an unsupported configuration to you. If you can explain it openly we can try ourselves if it really works for us, otherwise i would not talk about it at all...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-12-21 06:12 AM
In response to G_W_Albrecht
Jump to solution

Now that I think about, I agree, I will not share it with anyone, not because I dont want to, its because I know its totally UNSUPPORTED what I did, but works 100%.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events