This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JPR
Contributor
‎2024-05-02 02:26 AM

Blocking sites doesn't work as intended

Hi all,

I have rule that blocks Google Cloud Platform that consists of an inline rule that allows traffic to the following URLS in order for a specific site to work properly:

storage.googleapis.com/trafikkort-data/

storage.googleapis.com/trafikkort-tiles/

It's an allow rule with a Custom Application Site like this:

picture.png

 

The actual URLs is more than that, so e.g. storage.googleapis.com/trafikkort-data/something/something/something.json

In the logs it seems as by allowing these two URLs above I am allowing other traffic to storage.googleapis.com/something/something as well, which is not what I want.

I have tried several ways of formatting and posts here and sk106623, but doesn't seem to get it right.

If anyone knows what it takes, it'd be much appreciated 🙂

0 Kudos
8 Replies
the_rock
Legend
Legend
‎2024-05-02 05:03 AM

I would simply try *googleapis* or something like that, as long as you are sure you want to block everything from those sites. Maybe try that for one or group of users and test.

Andy

 

JPR
Contributor
‎2024-05-03 06:29 AM
In response to the_rock

I'll have to look into that on Monday. Thanks though!

0 Kudos
CheckPointerXL
Advisor
Advisor
‎2024-05-03 05:46 AM

Path after FQDN is not relevant/supported in my knowledge

did you try regex?

please take a look here too https://support.checkpoint.com/results/sk/sk174194

 
the_rock
Legend
Legend
‎2024-05-03 05:50 AM
In response to CheckPointerXL

Not sure how relevant it is, but Im sure it is supported.

0 Kudos
JPR
Contributor
‎2024-05-03 06:31 AM
In response to CheckPointerXL

I'll have to look into that on Monday. Thanks!

0 Kudos
the_rock
Legend
Legend
‎2024-05-03 05:57 AM

Forgot to ask, do you have ssl inspection enabled?

Andy

JPR
Contributor
‎2024-05-03 06:29 AM
In response to the_rock

Yes, using HTTPS Inspection.

0 Kudos
the_rock
Legend
Legend
‎2024-05-03 06:31 AM
In response to JPR

In my experience, cause this might be easy to overlook, make sure its not bypassed in https inspection policy. 

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events