topic Re: Allow one URL out of many sharing an IP in General Topics

Allow one URL out of many sharing an IP

rcaduser — Fri, 06 Nov 2015 18:44:39 GMT

We're faced with a bit of a challenge. We blocked a GoDaddy-Hosting IP for sending malicious traffic to our campus. Faculty later complained that a site they rely on is hosted with the same IP. I've attempted many different configurations with IP filtering, URL whitelisting etc, but can't quite arrive at a simple working solution (Plan B is blacklisting every other known URL that shares the IP... not elegant). We'd like to block traffic to and from that IP and campus, but allow connections to be made from within campus to the one legitimate URL.

Re: Allow one URL out of many sharing an IP

Raido_Rattameister — Sat, 07 Nov 2015 00:17:47 GMT

So your users need to access one website on this bad IP?

Why don't you create rule to allow traffic to that FQDN and then second rule below that to block any traffic towards that bad IP?

Re: Allow one URL out of many sharing an IP

reaper — Mon, 09 Nov 2015 08:25:07 GMT

allowing access to the FQDN (through an FQDN address object) will open access to the IP rather than the URL.

You can resolve this by creating a custom category containing the url, then use that category in the security policy's service/URLcategory tab, then a second rule below that, that drops all other traffic to that IP