07-06-2011 09:14 AM
Hi,
I just came across something quite interesting. A user needs to be able to translate a decent URL, but by default translation is blocked by PaloAlto. Once you configure PaloAlto to allow translation, you can actually go into Google Translate, and translate an adult website into another language and view it within Google Translate's page. My question is, I have blocked adult-and-pornography, why can I get to a dirty website, shouldn't Palo pick that up? Please advise, as one of the users needs translation allowed, but what I explained above is just one of the exploits...
cheers
Bhavin
07-06-2011 04:43 PM
bhavin_bhatt wrote:
Hi,
I just came across something quite interesting. A user needs to be able to translate a decent URL, but by default translation is blocked by PaloAlto. Once you configure PaloAlto to allow translation, you can actually go into Google Translate, and translate an adult website into another language and view it within Google Translate's page. My question is, I have blocked adult-and-pornography, why can I get to a dirty website, shouldn't Palo pick that up? Please advise, as one of the users needs translation allowed, but what I explained above is just one of the exploits...
cheers
Bhavin
Simple - because *you* are not going to the dirty web site - Google translate is.
You're hitting the Google translate page, and by your own admission you've configured the PA to allow access to it. The PA is doing exactly what it's supposed to - allowing access to the translate page.
Think of it as visiting the adult page by proxy.
Cheers
07-07-2011 01:10 AM
Hi,
PaloAlto being the next generation layer 7 inclusive firewall, it should be able to pick up on adult content (for example) through a translated page. I would like to bring to your attention that other proxies like Websense can detect malicious activity through a translated page. Is this a bug in the way PaloAlto inspects? Because if adult category is blocked, and translation category is allowed, ideally one shouldn't be able to tunnel blocked categories through an allowed one... doesn't make much sense 😞
cheers
Bhav
07-07-2011 05:21 PM
Hi Bhavin,
Thanks for the feedback. As a previous user mentioned, this is currently behaving as-designed since the URL filtering is categorizing against the domain (translate.google.com), while Google requests and serves the translated content. We are aware of this limitation and are investigating ways in which to best address this.
Thanks,
Doris
07-13-2011 12:53 AM
Hi Doris,
Thanks for your response. Any rough idea when we can get an update on this? Because a layer 7 firewall would be expected to detect everything in the browser. Being able to tunnel blocked stuff through an allowed category is kind of unacceptable, the argument being that products like Websense (I have tested myself) can detect this, so why can't the PaloAlto?
Please enlighten me on how the PaloAlto checks URLs/content etc., so that I can try and figure out a workaround for this issue that is really holding up work.
Cheers
Bhav
07-13-2011 04:06 AM
Hi,
PA doesn't do live content scanning for classification (it checks for other things like viruses and vulnerabilities, of course).
What may be a good idea: if you catch a URL like "http://translate.google.com?site=www.porn.com", then consider the URL "www.porn.com" instead of the original URL.
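The idea in the reply above (categorize the URL embedded in the translation request as well as the outer one), sketched as an added example that is not part of the original thread and not Palo Alto's implementation. The category table, the `u` and `url` parameter names and the nesting limit are assumptions; `site` is the parameter used in the thread's own example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed category table standing in for a URL-filtering database.
CATEGORIES = {
    "translate.google.com": "translation",
    "www.porn.com": "adult-and-pornography",
    "www.example.org": "business",
}
BLOCKED = {"adult-and-pornography"}
# Query parameters assumed to name the page fetched on the user's behalf.
TARGET_PARAMS = ("site", "u", "url")
MAX_DEPTH = 3  # assumed limit on translate-of-translate nesting
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)


def parse(value):
    """Return (host, embedded target strings) for a URL or bare hostname."""
    value = value.strip()
    if not HAS_SCHEME.match(value):
        value = "http://" + value  # bare hostnames such as "www.porn.com"
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL: no host, nothing embedded
        return "", []
    query = parse_qs(parts.query)  # also percent-decodes the values
    return host, [v for p in TARGET_PARAMS for v in query.get(p, [])]


def effective_categories(url, depth=0):
    """Categories of the outer host plus every embedded target, recursively."""
    host, targets = parse(url)
    cats = {CATEGORIES.get(host, "unknown")}
    if depth < MAX_DEPTH:
        for target in targets:
            cats |= effective_categories(target, depth + 1)
    return cats


def verdict(url):
    """Block when the outer URL or any embedded URL is in a blocked category."""
    return "block" if effective_categories(url) & BLOCKED else "allow"


if __name__ == "__main__":
    for u in ("http://translate.google.com?site=www.porn.com",
              "http://translate.google.com/translate?u=http%3A%2F%2Fwww.example.org%2F"):
        print(verdict(u), sorted(effective_categories(u)), u)
```

This covers only requests where the target appears in the query string of the allowed URL; it does not classify the translated content itself.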
07-14-2011 06:04 AM
Hi,
This is exactly what I am talking about: the porn site --> adult-and-pornography is blocked, and translation category is allowed. Ideally I would like to see the block page for www.porn.com, and not a web page displaying stuff, not in entirety but still.
cheers
Bhav