Solved: Re: Allow URL Path

D_W · ‎2022-12-19

Hi Mates,

is it possible to allow an URL like https://s3.sbg.perf.cloud.ovh.net/only_this_folder_and_everything_behind/* ?

I tried it already with a custom Application/Site but maybe i use the wrong syntax.

If it is possible how and also without https inspection?

Thx
David

PhoneBoy · ‎2022-12-19

It is impossible to allow that sort of access without HTTPS Inspection enabled.

View solution in original post

PhoneBoy · ‎2022-12-19

It is impossible to allow that sort of access without HTTPS Inspection enabled.

the_rock · ‎2022-12-20

Technically, yes, you could allow it even without https inspection enabled. That blade is never needed to add custom app site, as long as you have URLF blade enabled in the gateway, works fine. Inspection is more if you want firewall to intercept the traffic and "insert" its own cert that would get presented when pages are blocked and it makes sense to have it, since probably 99% of sites now days are indeed https.

I made this work in R81.10 and R81.20 lab just fine without https inspection on. Happy to do remote if you need help.

Best,
Andy

PhoneBoy · ‎2022-12-20

There’s a difference between:

Allowing access to https://www.example.com
Allowing access to https://www.example.com/my_secret_url and blocking all other access to https://www.example.com

The latter definitely requires HTTPS Inspection.
You can do the former with just HTTPS Categorization.

the_rock · ‎2022-12-20

Correct, but I made it work for all those scenarios in my lab even without inspection on. Obviously, you will never get block page without https inspection enabled.

Best,
Andy

D_W · ‎2022-12-21

Can you share your solution without https inspection?

G_W_Albrecht · ‎2022-12-21

How did you achieve allowing access to https://www.example.com/my_secret_url and blocking all other access to https://www.example.com without https inspection ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2022-12-21

Well, by spending many hours on it until I finally got it.

Best,
Andy

G_W_Albrecht · ‎2022-12-21

This does not answer my question at all. If you found a solution without https inspection you will get famous here, so why not disclose it ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2022-12-21

I dont care about being famous mate, not my motto in life, never been, haha. I wont disclose it, because Im 100% sure its totally unsupported anyway, I just wanted to prove to myself that it can work, which it did.

Best,
Andy

G_W_Albrecht · ‎2022-12-21

Honestly - I get a bad feeling when people tell me: Just send me a message privately and i will disclose an unsupported configuration to you. If you can explain it openly we can try ourselves if it really works for us, otherwise i would not talk about it at all...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

the_rock · ‎2022-12-21

Now that I think about, I agree, I will not share it with anyone, not because I dont want to, its because I know its totally UNSUPPORTED what I did, but works 100%.

Best,
Andy

Are you a member of CheckMates?

Allow URL Path