This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Roger_Boyle
Explorer
‎2020-09-03 08:11 AM

How to block a specific URL

Trying to block:

https://www.virtualbox.org/wiki/Downloads

Using R80.10, HTTPS Inspection is enabled. I can block the domain but I need to block the "Downloads". Every custom app rule I make never hits o this URL, I don't think I am getting the syntax right for the "regular expression". Any help will be greatly appreciated.

 

0 Kudos
8 Replies
Cyber_Serge
Collaborator
‎2020-09-03 03:34 PM

Did you make a custom application/site object under application policy to block it?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-03 04:42 PM

You can't block a specific HTTPS URL unless HTTPS Inspection is enabled.
And if you're using HTTPS Inspection, it's highly recommended you be on a more current release.

0 Kudos
Roger_Boyle
Explorer
‎2020-09-03 04:51 PM
In response to PhoneBoy

Well just because of that I spun up an R80.40 release and HTTPS inspection enabled. Same problem, the rule never gets hit. I've checked the regex expression and it appears to be right. If I missed something please let me know. Screenshots are attached.

1.jpg
Preview file
15 KB
2.JPG
Preview file
48 KB
3.JPG
Preview file
113 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-03 08:59 PM
In response to Roger_Boyle

Try not backslashing the forward slashes in your URL.

0 Kudos
_Val_
Admin
Admin
‎2020-09-03 11:42 PM
In response to Roger_Boyle

@Roger_Boyle did you try using a native URL without regular expressions?

Also, in this specific case Dameon is correct, HTTPSi should be enabled.

0 Kudos
AlejandroH
Ambassador
Ambassador
‎2020-09-04 08:14 AM

So I tested your request on my lab and I couldn't do the exact page.  I was able to do the homepage and even with HTTPS enabled it will not work.  Regex didn't solve it,  

Using your logic of not allowing users to download from Virtualbox.org but not block the page, you can use Content awareness.  Build a custom app for the URL (virtualbox.org*) and use content aware to not allow download of ANY file.  Set the action to block and that would allow access to the page but not to download anything from the site.

PageBlock.jpg
Preview file
95 KB
Rulebase.jpg
Preview file
158 KB
0 Kudos
Mithu
Contributor
‎2020-09-06 01:27 AM
In response to AlejandroH

Is it possible to block a particular page? I thought firewalls can inspect up to domain level (URL) not gradual inspection like whole URI, this was the information provided by TAC engineer when I  open a SR for a similar requirement!!

0 Kudos
PhoneBoy
Admin
Admin
‎2020-09-06 11:05 PM
In response to Mithu

If your goal is to prevent downloads from virtualbox.org, using Content Awareness is probably the right answer as it should catch it regardless of the URL.
If you have a requirement to block a specific URL on a specific site, HTTPS Inspection is enabled, and it's not working correctly, please engage with the TAC.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top