This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sergey_Anikeev
Contributor
‎2024-04-24 01:08 AM
Jump to solution

Access from internet for URL path

Hello colleague!

Please help me understand how to implement the following settings.

Our system
SMS Gaia R81.20
ClusterXL Gaia R81.10


Our Web resource has been published on the Internet and is available at (as an example)
https://web-site.com/

We want to leave access only for this path (from Internet)
https://web-site.com/folder/data/

and deny access along the path:
https://web-site.com/folder/catalog/


Is this possible to do using rules on the gateway?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-04-24 09:06 AM
Jump to solution

Yes, using a custom application/site and HTTPS Inspection (required to see the URLs accessed).

View solution in original post

15 Replies
PhoneBoy
Admin
Admin
‎2024-04-24 09:06 AM
Jump to solution

Yes, using a custom application/site and HTTPS Inspection (required to see the URLs accessed).

Sergey_Anikeev
Contributor
‎2024-04-25 12:18 AM
In response to PhoneBoy
Jump to solution

Am I correct in understanding that the rule structure itself should look like this (as an example)?

1.JPG


P.S.

SSL inspections activated.

0 Kudos
the_rock
Legend
Legend
‎2024-04-25 03:57 AM
In response to Sergey_Anikeev
Jump to solution

That should work or what I always do is say you want to block anything facebook, I just put it as *facebook* in URL list.

Andy

0 Kudos
Sergey_Anikeev
Contributor
‎2024-04-26 12:07 AM
In response to the_rock
Jump to solution

Unfortunately rule 1.1 does not work.
The traffic eventually goes through rule 1.2

0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-26 09:19 AM
In response to Sergey_Anikeev
Jump to solution

Please show a full log card (mask sensitive data) where that happens (i.e. traffic matches 1.2).
Please also show the certificate used for the website in question when the traffic is accepted.

0 Kudos
Sergey_Anikeev
Contributor
‎2024-04-26 09:35 AM
In response to PhoneBoy
Jump to solution

1.JPG2.JPG

0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-26 11:12 AM
In response to Sergey_Anikeev
Jump to solution

That only answers the first question.
For the second question, we'll need to know what the actual site you're trying to configure blocking on versus what the certificate for that site says.

0 Kudos
Sergey_Anikeev
Contributor
‎2024-04-27 12:33 AM
In response to PhoneBoy
Jump to solution

4.JPG

0 Kudos
PhoneBoy
Admin
Admin
‎2024-04-29 01:39 PM
In response to Sergey_Anikeev
Jump to solution

You're probably in TAC territory now: https://help.checkpoint.com 

0 Kudos
the_rock
Legend
Legend
‎2024-04-26 09:25 AM
In response to Sergey_Anikeev
Jump to solution

Just do wildcard, it will work.

Andy

0 Kudos
Sergey_Anikeev
Contributor
‎2024-04-26 09:35 AM
In response to the_rock
Jump to solution

I tried different options, but unfortunately it didn't solve the problem.

0 Kudos
the_rock
Legend
Legend
‎2024-04-26 09:45 AM
In response to Sergey_Anikeev
Jump to solution

If you are allowed to send me website in private message, so I can test it in the lab?

Andy

0 Kudos
Sergey_Anikeev
Contributor
‎2024-04-27 07:17 AM
In response to the_rock
Jump to solution

I don't see how you can test this given that the site is located in our perimeter.
Or did I misunderstand the question?

0 Kudos
the_rock
Legend
Legend
‎2024-04-24 10:24 AM
Jump to solution

You got the answer from phoneboy, for this, you 100% need https inspection.

Andy

0 Kudos
Lesley
Authority Authority
Authority
‎2024-04-24 12:02 PM
Jump to solution

URL is encrypted so what the other guys said I agree with. In this case it will be a 'reverse HTTPS inspection'.

So you need to intercept the traffic towards the public server 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events