Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_W
Advisor
Jump to solution

Allow URL Path

Hi Mates,

is it possible to allow an URL like https://s3.sbg.perf.cloud.ovh.net/only_this_folder_and_everything_behind/* ?

I tried it already with a custom Application/Site but maybe i use the wrong syntax.

If it is possible how and also without https inspection?

 

Thx
David

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

It is impossible to allow that sort of access without HTTPS Inspection enabled.

View solution in original post

11 Replies
PhoneBoy
Admin
Admin

It is impossible to allow that sort of access without HTTPS Inspection enabled.

the_rock
Legend
Legend

Technically, yes, you could allow it even without https inspection enabled. That blade is never needed to add custom app site, as long as you have URLF blade enabled in the gateway, works fine. Inspection is more if you want firewall to intercept the traffic and "insert" its own cert that would get presented when pages are blocked and it makes sense to have it, since probably 99% of sites now days are indeed https.

I made this work in R81.10 and R81.20 lab just fine without https inspection on. Happy to do remote if you need help.

0 Kudos
PhoneBoy
Admin
Admin

There’s a difference between:

The latter definitely requires HTTPS Inspection.
You can do the former with just HTTPS Categorization.

0 Kudos
the_rock
Legend
Legend

Correct, but I made it work for all those scenarios in my lab even without inspection on. Obviously, you will never get block page without https inspection enabled.

0 Kudos
D_W
Advisor

Can you share your solution without https inspection?

0 Kudos
G_W_Albrecht
Legend
Legend

How did you achieve allowing access to https://www.example.com/my_secret_url and blocking all other access to https://www.example.com without https inspection ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
the_rock
Legend
Legend

Well, by spending many hours on it until I finally got it.

0 Kudos
G_W_Albrecht
Legend
Legend

This does not answer my question at all. If you found a solution without https inspection you will get famous here, so why not disclose it ?

CCSE CCTE CCSM SMB Specialist
0 Kudos
the_rock
Legend
Legend

I dont care about being famous mate, not my motto in life, never been, haha. I wont disclose it, because Im 100% sure its totally unsupported anyway, I just wanted to prove to myself that it can work, which it did.

0 Kudos
G_W_Albrecht
Legend
Legend

Honestly - I get a bad feeling when people tell me: Just send me a message privately and i will disclose an unsupported configuration to you. If you can explain it openly we can try ourselves if it really works for us, otherwise i would not talk about it at all...

CCSE CCTE CCSM SMB Specialist
0 Kudos
the_rock
Legend
Legend

Now that I think about, I agree, I will not share it with anyone, not because I dont want to, its because I know its totally UNSUPPORTED what I did, but works 100%.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events