cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

How do you block IP based URL names?

Sigh...  This would be easy if you were blocking uncategorized URL sites.  http://8.8.8.8. would be blocked.  But we cannot block uncategorized.  In the logs, the Application Name shows the name as an IP.  There just does not seem to be a method to drop it.  Am I missing it?

6 Replies
Vladimir
Pearl

Re: How do you block IP based URL names?

You should be able to define custom Applications and use IPs in URLs.

If you want to be less specific and simply drop any URL containing IP address, you should be able to do so by defining the custom App's URL as REGEX:

Not being regex expert, I cannot be more specific.

There used to be "All Unknown" or some such object in R77.XX, but it is no longer available.

0 Kudos
Admin
Admin

Re: How do you block IP based URL names?

There is an "uncategorized" tag you can add to the rulebase to block/allow based on that (even in R80.x).

Also, in R80.x, there is a "Unknown Traffic" App Control signature that matches everything that isn't HTTP that doesn't match any other signature.

0 Kudos
Vladimir
Pearl

Re: How do you block IP based URL names?

Thank you for bringing these to my attention.

I'd like to learn more about their use cases and consequences.

0 Kudos

Re: How do you block IP based URL names?

IP V4 has about 4 billion possible addresses.  It will take awhile to add them to that custom group.  Let alone that I have people already choking on the number of objects we have now.  Smiley Happy

The point is to drop IP address URL strings.  After they figure that out that decimal addresses work to, then we will have to block those too.

0 Kudos
Vladimir
Pearl

Re: How do you block IP based URL names?

When using regular expressions, you are performing pattern matching. Use 0-9 or 0-9,0-9 or 0-9,0-0,0-9 for each octet, not actually adding those by hand.

If you are simply trying to discriminate between normal URLs and those containing IPs, this should allow https://www.checkpoint.com but block https://104.76.111.191/

Alex_Weldon
Nickel

Re: How do you block IP based URL names?

I think something like this might work - \/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

0 Kudos