Sergey_Anikeev
Contributor

Access from internet for URL path

Hello colleagues!

Please help me understand how to implement the following settings.

Our system
SMS Gaia R81.20
ClusterXL Gaia R81.10


Our Web resource has been published on the Internet and is available at (as an example)
https://web-site.com/

We want to leave access only for this path (from Internet)
https://web-site.com/folder/data/

and deny access along the path:
https://web-site.com/folder/catalog/


Is this possible to do using rules on the gateway?


Accepted Solutions
PhoneBoy
Admin

Yes, using a custom application/site and HTTPS Inspection (required to see the URLs accessed).

Sergey_Anikeev
Contributor

Am I correct in understanding that the rule structure itself should look like this (as an example)?

1.JPG


P.S.

SSL inspections activated.

the_rock
Legend

That should work. Or what I always do: say you want to block anything Facebook, I just put it as *facebook* in the URL list.

Andy

Sergey_Anikeev
Contributor

Unfortunately rule 1.1 does not work.
The traffic eventually goes through rule 1.2

PhoneBoy
Admin

Please show a full log card (mask sensitive data) where that happens (i.e. traffic matches 1.2).
Please also show the certificate used for the website in question when the traffic is accepted.

Sergey_Anikeev
Contributor

1.JPG 2.JPG

PhoneBoy
Admin

That only answers the first question.
For the second question, we'll need to know what the actual site you're trying to configure blocking on versus what the certificate for that site says.

Sergey_Anikeev
Contributor

4.JPG

PhoneBoy
Admin

You're probably in TAC territory now: https://help.checkpoint.com 

the_rock
Legend

Just do wildcard, it will work.

Andy

Sergey_Anikeev
Contributor

I tried different options, but unfortunately it didn't solve the problem.

the_rock
Legend

Are you allowed to send me the website in a private message, so I can test it in the lab?

Andy

Sergey_Anikeev
Contributor

I don't see how you can test this given that the site is located in our perimeter.
Or did I misunderstand the question?

the_rock
Legend

You got the answer from PhoneBoy: for this, you 100% need HTTPS inspection.

Andy

Lesley
Leader

URL is encrypted so what the other guys said I agree with. In this case it will be a 'reverse HTTPS inspection'.

So you need to intercept the traffic towards the public server 

-------
If you like this post please give a thumbs up(kudo)! 🙂