01-12-2015 11:21 PM
Hi All
We have a requirement to restrict the user agent through palo alto firewall.For example allow web-browsing only from internet explorer 10 and not from any other version of IE or from any other browser like firefox or google chrome.Kindly advise this is possible and how
Regards
Anvar
01-12-2015 11:28 PM
Hi injazat-soc
Did you go through this document: How to Block Google Chrome
Look for the user-agent for IE 10 requests and allow that application only.
Hope it helps!
01-13-2015 12:51 AM
injazat-soc,
We currently do not have any defined applications for Internet Explorer, Google Chrome or Firefox. I have seen it setup where Google Chrome can be blocked, due to a custom signature that you can create, as mentioned above by @bat.
We could make a rule to allow Internet Explorer only, once we create a signature that will trigger the rule, yet we would also have to create another 'deny' rule to block every other browser. So to accomplish this, we are looking at creating a signature for almost every browser you can think of, in order to allow traffic only to Internet Explorer. To go a step further, we would have to determine how to create a signature that could differentiate between browser version, which may not be viable.
The firewall is unaware of the browser the user will be browsing the internet with. It only knows that it is passing traffic on port 80, or 443.
Hope this clarified a few things.
Thanks!
Please do not forget to mark any 'helpful' or 'correct' answers.
01-21-2016 03:13 AM
The pattern for chrome used says only "Pattern: Chrome/"
We try to do the same but for internet explorer.
We want to allow Chrome but not Internet Explorer.
What "Pattern: " should we use ?
Should we be looking at user-agent ?
02-29-2016 02:50 PM - edited 02-29-2016 02:54 PM
Hi Mariusz,
yes, you should be looking at user agent strings. You have a pretty good list here to start with: http://useragentstring.com/pages/useragentstring.php
You don't need to block "all" browsers, just those that might be installed onto your systems, right? If that is corporate or whatever domained environment, you need to block several versions of IE explorer that preceed IE10, so you need to add five-six "OR" rules to a first example like that one with Chrome, and your agent lists need to have at least 7 characters. You can do that with blocking separately "MSIE\ 6\.", than "MSIE\ 5.", whatever - 7, 8, 4, 3 2. You have 7 characters there, "MSIE 6." but you are escaping blank space and dot with backspace.
Edit: I just re-read your last question 🙂
If you want to block just IE, you can do that with "atible;\ MSIE" - will do the trick to catch (m)any versions of IE. If not, see what you have and play with it.
You have somewhat technical document here: https://live.paloaltonetworks.com/t5/Documentation-Articles/Creating-Custom-Threat-Signatures/ta-p/5... that describes all your possibilities for matching (you are specifically matching here a "http-req-headers" that is described in that document) and at the end of the document you can find an explanation on regular expressions that are used for pattern-match.
Best regards
Luciano
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
