- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- URL Filtering for hosted services
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
URL Filtering for hosted services
Checkmates,
Can URLF work for websites/services published through Checkpoint ? For example, A web server hosted behind Checkpoint is published as abc.com on the internet. Can URLF policies be enforced on inbound traffic so that akamai, tor or any anonymizers can be blocked from accessing the hosted website.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm curious what the use case is for blocking traffic from Akamai IPs since they usually serve as a cache.
I guess if they use a particular User Agent to reach your site, you could create an Application Control signature to check for that and block on it.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Note this will require using HTTPS Inspection if the site is available via HTTPS.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your response. Akamai is just used as an example. We would want to block mainly anonymizers, TOR etc. We see many requests originating from servers trying to access content of the published site which we would like to block.
Not sure if creating one custom application signature would suffice because the site may be browsed from everywhere on the internet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In that case, it's best to block by IP and not use App Control/URL Filtering.
The SK I referred to previously is a starting point, another possible approach is: http://opendbl.net/#checkpoint.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Mubarizuddin_Mo,
beside the recommendations of Dameon and following your original question.
Yes, URLF works too from external to internal webservers. It works in all directions.
We are using this to control access to some special URL-pathes on our webservers. To allow only special sources to special pathes.
Wolfgang
