This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
gema_adhan
Participant
‎2018-10-16 05:22 PM

https url redirection

Hi

I got an request to do URL redirection on my customer's site. they are asking me to redirect https://some.sites.com/someurl to https://some.sites.com/redirectoindex. I am sure this can be done by modifying Htaccess on the server itself. But we dont take any risk on production server, so we tried to manipulate it on the checkpoint gateway. At first i think it is possible to be done and i've tried sk40348, and the fact... this SK is intended only work on http. does anyone have experience about this? if so, i hope you can share the answer with us. FYI.. we are using gaia R77.30 as Management Server.

Thanks A lot..

5 Replies
Dor_Marcovitch
Advisor
‎2018-10-16 11:48 PM

What kind ofntraffic is it? Traffic incoming from the internet to your organization? Or from your organization to the internet?

Is it a temporary confoguration or not because soon r77.30 will be end of supplort and you will need to upgrade to r80

Except for the web server and the checkpoint what other security solution do you have involvong this website

This is needed only for a direct http request for this uri or rewriting of links is needed?

0 Kudos
gema_adhan
Participant
‎2018-10-17 08:45 PM
In response to Dor_Marcovitch

Hi Marcovitch Thanks for your responses.

What kind ofntraffic is it? Traffic incoming from the internet to your organization? Or from your organization to the internet?

 the traffic is incoming traffic that is coming from internet

Is it a temporary confoguration or not because soon r77.30 will be end of supplort and you will need to upgrade to r80

 it would be permanent configuration, yeah we know it, R77.30 will be end of support next year, but most of our customer is using R77.30

Except for the web server and the checkpoint what other security solution do you have involvong this website

 i think there is no other security device between the server and our checkpoint gateway. The server reside on DMZ segement on our checkpoint gateway,

This is needed only for a direct http request for this uri or rewriting of links is needed?

i think both soultion can be applied. because we just need to hide  https://some.sites.com/someurl from interenet but still allowing it to be accessed from internal network.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-10-19 04:20 PM

That SK refers to the HTTP Security Server, which definitely does not support HTTPS.

To do this with HTTPS, I believe you can do something like:

  • Enable HTTPS Inspection for the inbound traffic (means getting the HTTPS certificate used for the webserver)
  • Create an application that refers to https://example.com/uri-to-redirect
  • Create a UserCheck action that redirects to https://example.com/redirect-to-uri (this is an option with a UserCheck action)
  • Create a rule that refers to this application and with action Drop and the UserCheck action you created.
0 Kudos
gema_adhan
Participant
‎2018-10-24 02:11 AM
In response to PhoneBoy

Hi Dameon, sorry for late response. Thanks for your advice Dameon... I will ty it on my lab first before propose it the the user. and I will inform to you the result. But...Is there alternative way to accomplish this task instead of using https inspection because it will add the load of the gateway since there is limititation on the hardware that we used. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-10-24 06:53 AM
In response to gema_adhan

It is technically impossible to do any sort of URL redirection without terminating the HTTPS connection.

Currently, the only way to do this is HTTPS Inspection.

Note: you can enable it for just inbound to the one site and be in "bypass" mode for everything else.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top