Networking-Forums.com

Professional Discussions => Security => Topic started by: LynK on January 05, 2017, 10:56:05 AM

Title: URI filtering on incoming HTTP/HTTPS requests
Post by: LynK on January 05, 2017, 10:56:05 AM
Does anyone know if there is a FW vendor that can do this natively? Microsoft TMG (which we currently use) can do this. On incoming public requests we unencrypt HTTPS traffic, look at the URI header, and we can block based upon its pathing.

So for example, a client tries to go to www.google.com

We inspect it, and it goes through.

Client tries to go to www.google.com/admin

and it gets blocked.

I am having a hard time finding a product that can do this while also being a traditional NGFW.
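
The inbound path check described in the post above (allow `/`, block `/admin`), as an added example that is not part of the original thread and not any vendor's implementation. It assumes TLS has already been terminated and the request target is in origin-form (path plus optional query); `BLOCKED_PREFIXES`, `canonical_path` and `is_blocked` are hypothetical names.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical rule table: path prefixes the published site must not expose
# to the public side. Only /admin comes from the example in the post.
BLOCKED_PREFIXES = ("/admin",)


def canonical_path(request_target: str) -> str:
    """Reduce an origin-form request target to one comparable path."""
    # Drop query string and fragment; rules here match on the path only.
    path = request_target.split("?", 1)[0].split("#", 1)[0] or "/"
    # Decode percent-escapes until stable (capped), so the rule sees the
    # same characters a backend would after its own decoding. Decoding more
    # than the backend does is the conservative choice for a deny rule.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    # Collapse "//", "/./" and "/../" segments. The leading slashes are
    # stripped first because posixpath.normpath preserves a leading "//".
    path = posixpath.normpath("/" + path.lstrip("/"))
    # Compare case-insensitively, as a Windows/IIS backend would resolve it.
    return path.lower()


def is_blocked(request_target: str) -> bool:
    """True when the canonical path falls under a blocked prefix."""
    path = canonical_path(request_target)
    # Match on a segment boundary so /administrator-guide is not caught
    # by the /admin rule.
    return any(path == p or path.startswith(p + "/") for p in BLOCKED_PREFIXES)


if __name__ == "__main__":
    # Constructed sample request targets, not captured traffic.
    for target in ("/", "/admin", "/Admin/users?id=1", "/administrator-guide"):
        print(f"{target:28} -> {'BLOCK' if is_blocked(target) else 'allow'}")
```

The decision is made on the canonical path rather than the raw string, so the rule and the backend agree on which resource a request names.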
Title: Re: URI filtering on incoming HTTP/HTTPS requests
Post by: mlan on January 05, 2017, 02:59:49 PM
Most of the big NGFW vendors support SSL decryption with URI/URL filtering, but it does impact performance. Cisco, Palo Alto, and Fortinet all sell some flavor of this. For smaller scale, check out Smoothwall, although I have not used their NGFW product before.
Title: Re: URI filtering on incoming HTTP/HTTPS requests
Post by: LynK on January 06, 2017, 08:48:19 AM
URI filtering on INCOMING connections? Not outgoing content filtering.
Title: Re: URI filtering on incoming HTTP/HTTPS requests
Post by: Otanx on January 06, 2017, 10:07:19 AM
Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound, and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx
Title: Re: URI filtering on incoming HTTP/HTTPS requests
Post by: deanwebb on January 06, 2017, 11:15:33 AM
Quote from: Otanx on January 06, 2017, 10:07:19 AM
Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound, and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx


True. It all depends on what the firewall is told to do. Out of the box, it doesn't know its back from its front.
Title: Re: URI filtering on incoming HTTP/HTTPS requests
Post by: icecream-guy on January 06, 2017, 12:34:12 PM
Quote from: deanwebb on January 06, 2017, 11:15:33 AM
Quote from: Otanx on January 06, 2017, 10:07:19 AM
Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound, and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx


True. It all depends on what the firewall is told to do. Out of the box, it doesn't know its back from its front.


LoL, on one of ours we have untrusted traffic coming in on the inside interface and exiting the DMZ interface...
Title: Re: URI filtering on incoming HTTP/HTTPS requests
Post by: wintermute000 on January 08, 2017, 03:06:33 PM
Quote from: Otanx on January 06, 2017, 10:07:19 AM
Incoming URI inspection is more of an A10/F5 application firewall/load balancer thing than NGFW. However, I would think you should just be able to turn on URL/URI filtering inbound, and set up a white/black list. I don't know of any reason you couldn't tell the NGFW to inspect in any direction you want.

-Otanx
This