topic Re: Custom URL Filtering in General Topics

Custom URL Filtering

TDC — Thu, 28 Mar 2013 00:20:37 GMT

Hi All

I am trying to get customer URL filtering working and it's not making much sense to me.

What I need to do is protect the Exchange server by allowing only connections to OWA and not ECP etc.

I've created a Customer URL Category called 'OWA Sites' and listed the following as sites (note there are no external URLs to go off as the external URL is currently pointing at an ISA server):

www.xxx.yyy.zzz/owa

server.mydomain.co.nz/owa

I've then created another Custom URL Category called 'OWA Sites Blocked' and listed the following sites:

www.xxx.yyy.zzz/ecp

server.mydomain.co.nz/ecp

I've then setup a URL Filtering Profile and selected 'allow' next to 'OWA Sites' and 'block' next to 'OWA Sites Blocked'

Finaly a rule was setup to allow the appropriate traffic to the exchange server and the new filtering profile was selected in Profile Settings section.

Now if I goto the site www.xxx.yyy.zzz/owa I get a security certificate error (understandable) and then get prompted to login - as planned.

If I go to the site www.xxx.yyy.zzz/ecp I get the certificate error and then can log in to the ECP site. Surely the filtering profile should have blocked the site?

I've then gone and set the profile type to 'none' and then used the URL filter within the services/URL category tab of the rule to see if I can control it that way but no, I can't get onto either site now.

Anyone got any ideas on what I'm doing wrong?

How are you controlling the access to the Exchange sites?

We're using 5.0.3.

Cheers

Alan

Re: Custom URL Filtering

Retired Member — Thu, 28 Mar 2013 07:08:59 GMT

Did you choose any application with that rule ?

When you go to both sites did you look for the traffic that both matches the same rule ?

Re: Custom URL Filtering

goku123 — Thu, 28 Mar 2013 17:41:31 GMT

Do both the sites:

/ecp &/owa use the same certificate?

If you try to access a website over SSL, then firewall pulls the CN of the certificate and tries to apply the URL filter to it since the firewall cannot look inside the SSL tunnel.

Try adding SSL decryption for traffic going to the server and see if that makes any difference?

Re: Custom URL Filtering

TDC — Mon, 01 Apr 2013 22:37:12 GMT

Hi bulent and achitwadgi

Thanks for the replys. Sorry for not replying sooner but its been a long weekend.

Yes, I chose Outlook-web, SSL and Web-Browsing. All traffic gets seen as SSL to port 443.

I'm not using a certificate at the moment and yes the traffic gets seen going to the FQDN of the server (thanks for the info on the pulling of the CN from the cert) so I'll look at adding SSL decryption to pop open the traffic and see if that helps.

I noticed that the logs generated indicated that the URL being seen is the FQDN of the server without the '/ecp' or '/owa/' so the path seems to being dropped or ignored on the request. In my custom URL filter I include the path so when I look the logs the URL is listed as 'unknown'. When I removed the path from the URL in the custom filter it gets clasified correctly as the custom URL.

I'll continue to look at the SSL decryption and how that will help but if anyones got any ideas why the paths are being ignored I'd love to here them.

Cheers for all the support.

Alan