topic Re: Block Brave Borwser in General Topics

Block Brave Borwser

HilalWani — Tue, 25 Jan 2022 08:44:54 GMT

Hello,

I have noticed that some of our employees are using a brave browser and can easily open blocked websites like Facebook, crypto, games etc. what's the way to block brave browsers.

Thanks:

Re: Block Brave Borwser

nikoolayy1 — Tue, 25 Jan 2022 14:30:55 GMT

Maybe write an application signature that matches the User-Agent header. you can use as an examples:

Create a Custom Application (paloaltonetworks.com)

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK

My article for referer header but the principle is the same, just find what is the User-agent string for the browser you want to block:

LIVEcommunity - Knowledge sharing: Version 10 no 7 byte limit for sinatures examples for Layer 7 (L7) DDOS/Brute force protection and referer match - LIVEcommunity - 394734 (paloaltonetworks.com)

Better if you have EDR/Endpoint Protection or Active Directory to block and delete the browser software on the endpoints themselves.

Re: Block Brave Borwser

BPry — Wed, 26 Jan 2022 03:48:54 GMT

@HilalWani,

Don't use the firewall to do something it wasn't ever designed to do. User-Agent strings are just that, strings, easily modified in any browser to bypass any restriction you put in place. If your employees are already using Brave to bypass filtering you can also ensure that they'll quickly find out you can modify the User-Agent string to whatever they want and bypass your block.

Instead, do as @nikoolayy1 mentioned at the tale end of his post and use something on the endpoint to block installation of Brave outright. If you have utilize Windows and Active Directory you can easily activate AppLocker and block any publisher you want through AppLocker rules and GPO. Intune and other MDMs can do the same, and the vast majority of Antivirus or EDR solutions can do the exact same thing as long as you have something actively installed and managing these endpoints.

Re: Block Brave Borwser

JGriessmeier — Wed, 26 Jan 2022 10:45:01 GMT

Hi,

i think the employees use the "Tor Tabs" Feature. see https://brave.com/privacy-features/

So your approach should not to "Block Brave" but Block Tor connections.

Greetings

Re: Block Brave Borwser

HilalWani — Wed, 26 Jan 2022 12:01:53 GMT

Coudl you please show me how can i block Tor

Re: Block Brave Borwser

Paulo_Cesar_Saboia — Mon, 24 Mar 2025 14:49:17 GMT

To effectively block the TOR network on firewalls, you can use EDL, I have left a list from the Tor project

https://www.dan.me.uk/torlist/

Block the above list using EDL (external Dynamic list) with an update period of every 24 hours.

Re: Block Brave Borwser

OtakarKlier — Wed, 26 Mar 2025 17:03:24 GMT

Hello,

I would not recommend a custom application as this disabled a lot of the real-time active threat scanning for that policy its applied to. You can instead block applications that are already existing to prevent its use. I know that it uses DNS over HTTPs so blocking that should prevent most users.

Also enabling SSL decryption and URL filtering should block most features and destinations the users are attempting to access.

Regards,

Re: Block Brave Borwser

OtakarKlier — Wed, 26 Mar 2025 17:09:11 GMT

Hello,

For blocking TOR, I would recommend two things:

Use the External Dynamic List to block TOR traffic
1. https://docs.paloaltonetworks.com/network-security/security-policy/administration/objects/external-dynamic-lists/enforce-policy-on-an-external-dynamic-list
2. There should be one for TOR exist nodes built in.
Only allow known applications:
1. SSL, HTTPs, etc.

Regards,