This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Moe_89
Contributor
‎2019-04-24 09:06 AM

URL Filtering for hosted services

Checkmates,

Can URLF work for websites/services published through Checkpoint ? For example, A web server hosted behind Checkpoint is published as abc.com on the internet. Can URLF policies be enforced on inbound traffic so that akamai, tor or any anonymizers can be blocked from accessing the hosted website. 

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2019-04-24 09:17 AM

If you want to block traffic coming from TOR addresses, this doesn't require URL Filtering. See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I'm curious what the use case is for blocking traffic from Akamai IPs since they usually serve as a cache.
I guess if they use a particular User Agent to reach your site, you could create an Application Control signature to check for that and block on it.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Note this will require using HTTPS Inspection if the site is available via HTTPS.
0 Kudos
Moe_89
Contributor
‎2019-04-24 09:51 AM
In response to PhoneBoy

Hi Dameon,
Thanks for your response. Akamai is just used as an example. We would want to block mainly anonymizers, TOR etc. We see many requests originating from servers trying to access content of the published site which we would like to block.

Not sure if creating one custom application signature would suffice because the site may be browsed from everywhere on the internet.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-04-26 10:13 AM
In response to Moe_89

In that case, it's best to block by IP and not use App Control/URL Filtering.

The SK I referred to previously is a starting point, another possible approach is: http://opendbl.net/#checkpoint.html

0 Kudos
Wolfgang
Authority
Authority
‎2019-04-26 11:53 AM

Mubarizuddin_Mo,

beside the recommendations of Dameon and following your original question.

Yes, URLF works too from external to internal webservers. It works in all directions.

We are using this to control access to some special URL-pathes on our webservers. To allow only special sources to special pathes.

Wolfgang

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top