Webmail Control via URL

Reply
L0 Member

Webmail Control via URL

Can paloalto control the sending of web mail?

 

i want to make it impossible to send out from the webmail.

There is a service called Naver that provides web mail like Google.

for example,

 

The URL for sending is as follows.

mail.naver.com/n=111113333&v=f#%7B"fClass"%3A"write"%2C"oParameter"%3A%7B"orderType"%3A"new"%2C"sMailList"%3A""%7D%7D

 

I created a policy using the URL category.
mail.naver.com/^=f#%7B"fClass"%3A"write"%2C"oParameter"%3A%7B"orderType"%3A"new"%2C"sMailList"%3A""%7D%7D

mail.naver.com/*=f#%7B"fClass"%3A"write"%2C"oParameter"%3A%7B"orderType"%3A"new"%2C"sMailList"%3A""%7D%7D

 

I would like to set a policy that is impossible to send through the URL.

 

 

The results of the URL test were not blocked.

Using the http protocol and using 80 ports. Is it possible to implement it?

If there's anything I missed, give me some advice

 

I also wonder if the gmail can also be controlled.

It was not long after I started the Palo Alto firewall. I hope you understand.

L2 Linker

Re: Webmail Control via URL

Hi mojunhwan,

 

The best way of blocking naver is by application, but there are other ways as well.

 

1. Create a security rule that blocks/denies the app naver-mail. But this rule will maybe require you to have an outgoing decrypt rule to actually see this app over ssl/443. Port 80 would be fine.

 

Two other ways of blocking naver:

2. Create a FQDN address object called mail.naver.com with FQDN=mail.naver.com and put this in a security rule on destination server with action equal reset-client or reset.both.

 

3. Create a custom URL-category called "Denied URLs" and but the url *.naver.com in this URL-category. On the outgoing allowed rule for the clients add this URL-category to the URL filtering profil (in the security profile) with a Site Access set to "Block".

 

- Kim

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!