This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Block internet access using Opera Mini

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Block internet access using Opera Mini

Go to solution
homicidedart
L3 Networker

‎08-16-2014 03:57 AM

Hi Gents,

I would like to configure palo Alto to block internet access via opera web browsers, as this browser can bypass my web-filter.

my Palo Alto License is only for Antivirus, Anti-Spyware, and Anti Vulnerability.

Regards,

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
kfindlen
L4 Transporter

‎08-18-2014 09:57 AM

There is an app, opera-mini, which will detect the Opera Mini browser.  Opera mini operates by using a proxy server over SSL to retrieve all content.  Enabling SSL decryption will break the connection so layer 7 inspection of this traffic is not possible.  To block access just create a security policy with the opera-mini application and set the action to deny.

This application also covers the desktop Opera browser when used in the offroad mode.

View solution in original post

4 REPLIES 4

Go to solution
pulukas
L7 Applicator

‎08-16-2014 04:26 AM

Palo Alto web filtering does not rely on any browser configuration.  Instead you would need to place the firewall in the final path that the traffic must cross on the way to the internet.  If the traffic crosses the firewall then a web filtering policy can be applied to the appropriate rule for the users.

The browser in use is not relevant, the web browsing traffic will be filtered per the configured rule.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Go to solution
kfindlen
L4 Transporter

‎08-18-2014 09:57 AM

There is an app, opera-mini, which will detect the Opera Mini browser.  Opera mini operates by using a proxy server over SSL to retrieve all content.  Enabling SSL decryption will break the connection so layer 7 inspection of this traffic is not possible.  To block access just create a security policy with the opera-mini application and set the action to deny.

This application also covers the desktop Opera browser when used in the offroad mode.

Go to solution
homicidedart
L3 Networker
In response to kfindlen

‎08-19-2014 03:45 AM

Thanks mate, great work.

it works very well.

0 Likes Likes

Go to solution
SDorsey
L4 Transporter
In response to homicidedart

‎08-19-2014 05:37 PM

In addition.. food for future thought.

When a web browser connects to any website, it sends what the browser is and version in the HTTP headers. You may be able to create a custom application which matches on that information and blocks it. You would want to test thoroughly but it may be possible.

You could also use the regex in the dlp engine to attempt this.

  • 1 accepted solution
  • 7443 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks