translation vs url block/threat block

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

translation vs url block/threat block

Not applicable

Hi,

I just came across something quite interesting. A user needs to be able to translate a decent url, but by default translation is blocked by PaloAlto. Once you configure PaloAlto to allow translation, you can actually go into google translate, and translate an adult website into another language and view it within Google translate's page. My question is, i have blocked adult-and-pornography, why can i get to a dirty website, shouldn't palo pick that up. please advice, as one of the users needs translation allowed, but what i explained above is just one of the exploit...

cheers

Bhavin

6 REPLIES 6

L4 Transporter

bhavin_bhatt wrote:

Hi,

I just came across something quite interesting. A user needs to be able to translate a decent url, but by default translation is blocked by PaloAlto. Once you configure PaloAlto to allow translation, you can actually go into google translate, and translate an adult website into another language and view it within Google translate's page. My question is, i have blocked adult-and-pornography, why can i get to a dirty website, shouldn't palo pick that up. please advice, as one of the users needs translation allowed, but what i explained above is just one of the exploit...

cheers

Bhavin

Simple - because *you* are not going to the dirty web site - Google translate is.

You're hitting the Google translate page, and by your own admission you've configured the PA to allow access to it. The PA is doing exactly what it's supposed to - allowing access to the translate page.

Think of it as visiting the adult page by proxy.

Cheers

Hi,

PaloAlto being the next generation layer 7 inclusive firewall, it should be able to pickup on adult content (for example) through a translated page. i would like to bring to your attention, that other proxy's like websense can detect malicious activity through a translated page. is this a bug in the way PaloAlto inspects ? cause if adult category is blocked, and translation category is allowed, ideally one shouldnt be able to tunnel blocked categories through an allowed one... doesnt make much sense  😞

cheers

Bhav

Hi Bhavin,

Thanks for the feedback.  As a previous user mentioned, this is currently behaving as-designed since the URL filtering is categorizing against the domain (translate.google.com), while Google requests and serves the translated content.  We are aware of this limitation and are investigating ways in which to best address this.

Thanks,

Doris

Hi Doris,

Thanks for your response, any rough idea when we can get an update on this.. because a layer 7 firewall would be expected to detect everything in the browser.. being able to tunnel blocked stuff through an allowed category is kind of unacceptable, the argument being that products like websense (i have tested myself) can detect this, so why cant the PaloAlto.

Please enlighten me on how the PaloAlto checks URLs/content etc, so that i can try and figure out a work around for this issue that is really holding up work.

Cheers

Bhav

Hi,

PA doesn't do live content scanning  for classification (it checks for other things like viruses and vulnerabilities of course)

What would be a good idea may be :  if you catch a URL like "http://translate.google.com?site=www.porn.com", then consider URL "www.porn.com" instead of original URL.

Hi,

This is exactly what i am talking about, the porn site--> adult-and-pornography is blocked, and translation category is allowed, ideally i would like to see  the block page for www.porn.com, and not a web page displaying stuff not in entirety but still.

cheers

Bhav

  • 5184 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!