- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-15-2018 07:17 AM
Hello,
I'm struggling to block some internal https sites.
I have to block various sites/urls of a server from a specific zone, while I have to keep some others open
The urls look like:
https://servername.suff.dom:8443/aaa/bbb/ccc/ddd/eeeee_ff_application1
Now I have to block application1 to application 4, while keeping 5 to xx open. Btw I dont know how many applications there are on this host, because it is managed by another team.
So the goal is to keep the access open and block specific application-urls
What I have done so far and didnt work out:
Created a custom URL category with the urls to block in it and added it to a deny rule
Created an URL Filter setting all categories to allow and added the urls to the block list
Tried various url substrings:
servername.suff.dom:8443/aaa/bbb/ccc/ddd/eeeee_ff_application1
aaa/bbb/ccc/ddd/eeeee_ff_application1
/aaa/bbb/ccc/ddd/eeeee_ff_application1
Do you have any ideas how to do that?
Kind regards,
philip
03-15-2018 07:35 AM
Of course I have an decryption policy otherwise I couldnt check the full url.
kind regards,
Philip
03-15-2018 07:42 AM
That's what I wanted to check, some thing that the firewall can see the full URL regardless of whether or not they decrypt the traffic.
03-15-2018 07:50 AM - edited 03-15-2018 07:50 AM
Hi,
thanks for the help! Maybe I was working too much today 🙂 Found the fault, regardless it was mine - there was a typo in the fqdn of the object....
kind reagards,
Philip
03-15-2018 07:50 AM
I was trying to think of reasons why it wasn't working and couldn't really come up with any. Glad that you found the typo!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!