URI filtering on incoming HTTP/HTTPS requests

Started by LynK, January 05, 2017, 10:56:05 AM


LynK

Does anyone know if there is a FW vendor that can do this natively? Microsoft TMG (which we currently use) can do this. On incoming public requests we decrypt the HTTPS traffic, look at the URI, and can block based on its path.

So for example, a client tries to go to www.google.com

we inspect it, and it goes through

client tries to go to www.google.com/admin

and it gets blocked.

I am having a hard time finding a product that can do this while also being a traditional NGFW.
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

mlan

Most of the big NGFW vendors support SSL decryption with URI/URL filtering, but it does impact performance.  Cisco, Palo Alto, and Fortinet all sell some flavor of this.  For smaller scale, check out Smoothwall, although I have not used their NGFW product before.

LynK

URI filtering on INCOMING connections? Not outgoing content filtering.

Otanx

Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx
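The rule LynK describes (allow www.google.com, block www.google.com/admin on the public side) and the inbound allow/deny list Otanx suggests both come down to matching the request path after TLS has been terminated, and the part that bites in practice is normalization: a naive prefix match on the raw request-target is bypassed by case changes, percent-encoding, dot segments and doubled slashes. The following is an added example, not code from this thread or from any of the products named in it; the deny-list prefixes and the sample requests are constructed for illustration, and the filter assumes it sits behind the TLS terminator so it sees plaintext HTTP.

```python
"""Inbound URI path filtering with canonicalization (added example).

Assumes the filter runs after TLS termination and sees the plaintext
request-target.  BLOCKED_PREFIXES and the sample requests are constructed.
"""
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Constructed deny-list.  Matching is segment-aware: "/admin" covers
# "/admin" and "/admin/users" but not "/administrator".
BLOCKED_PREFIXES = ("/admin", "/manager", "/.git")


def request_path(request_target: str) -> str:
    """Extract the path from an HTTP request-target.

    Origin-form ("/a/b?x=1") is what a reverse proxy normally receives;
    absolute-form ("https://host/a/b") shows up in proxy requests.  The
    origin-form branch deliberately avoids urlsplit(): it would parse
    "//admin" as netloc "admin" with an empty path and let it through.
    """
    if request_target.startswith(("http://", "https://")):
        return urlsplit(request_target).path or "/"
    return request_target.split("?", 1)[0].split("#", 1)[0] or "/"


def normalize_path(request_target: str) -> str:
    """Canonicalize a path before matching it against the deny-list.

    Percent-decode (twice, to catch double-encoding), collapse runs of
    slashes, resolve "." and ".." segments, drop the trailing slash, and
    lower-case.  Lower-casing is a fail-closed choice: on a case-sensitive
    backend "/Admin" would 404 anyway, so blocking it costs nothing.
    """
    path = request_path(request_target)
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/+", "/", path)      # "//admin" -> "/admin"
    path = posixpath.normpath(path)      # "/static/../admin" -> "/admin"
    if not path.startswith("/"):
        path = "/" + path
    return path.lower()


def is_blocked(request_target: str, blocked=BLOCKED_PREFIXES) -> bool:
    """True if the canonical path is a blocked prefix or lies under one."""
    path = normalize_path(request_target)
    return any(path == p or path.startswith(p + "/") for p in blocked)


def evaluate(request_targets):
    """Map each request-target to its verdict; handy for regression checks."""
    return {t: is_blocked(t) for t in request_targets}


# Constructed sample request-targets as they would arrive after decryption.
SAMPLES = [
    "/",
    "/search?q=firewall",
    "/administrator",          # shares the prefix string but not the segment
    "/admin/../search",        # dot segments can also lead *out* of a blocked area
    "/admin",
    "/admin?x=1",
    "/admin/users",
    "/Admin",                  # case variation
    "/%61dmin",                # percent-encoded "a"
    "/%2561dmin",              # double-encoded
    "/static/../admin",        # dot-segment traversal
    "/static/%2E%2E/admin",    # encoded dot-segment traversal
    "//admin",                 # duplicate slash
    "/.git/config",
    "https://www.google.com/admin",   # absolute-form request-target
]

if __name__ == "__main__":
    for target, blocked in evaluate(SAMPLES).items():
        print(f"{'BLOCK' if blocked else 'allow':5}  {target!r:40} -> {normalize_path(target)}")
```

Two caveats a practitioner would check before relying on this in front of a real backend: the canonicalization must agree with what the origin server actually does (an IIS/ASP.NET app, for instance, treats paths case-insensitively and may also interpret `\` or `;` in ways this filter does not), and the filter only sees the path if the firewall or proxy terminates TLS for that virtual host, which is the performance cost mlan mentions.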

deanwebb

Quote from: Otanx on January 06, 2017, 10:07:19 AM
Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx


True. It all depends on what the firewall is told to do. Out of the box, it doesn't know its back from its front.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Quote from: deanwebb on January 06, 2017, 11:15:33 AM
Quote from: Otanx on January 06, 2017, 10:07:19 AM
Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx


True. It all depends on what the firewall is told to do. Out of the box, it doesn't know its back from its front.


LoL, on one of ours we have untrusted traffic coming in on the inside interface and exiting the DMZ interface...

My Moral Fibers have been cut.

wintermute000

Quote from: Otanx on January 06, 2017, 10:07:19 AM
Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx
This.