09-22-2022 10:33 PM
Hello, all
I want to block a website whe user user google cache or yotube,facebook.
In the past i tested everything ok, Palo Alto could block when user use google cach or youtube.
But today, Palo Alto can't block website when user use google cache ( But can block youtube,facebook )
Pls help me know why!!
Palo Alto Block website www.youtube.com
Palo ALto Block when user use yotube.comm,facebook.com
BUT Palo Alto Can't Block when user use google cache !!!!!!!!!!!!!!
Thanks
09-23-2022 12:51 AM
So we have divided internet users into 3 groups
1) internet01 -full authorized ones
2) internet02 - relatively restricted
3)iternet03 - restricted
YouTube, Facebook and other sites are blocked for internet03 (url filtering, url catagory, Social Networking, Streaming Media...)
The block we have set works normally, when the notebook is disconnected from the company network and the Internet is shared with the phone, when you open a YouTube video, save the video and return to the office network, the block does not work (google chrome cache (because it remains in the cache memory). Because the session is not updated, the block is not applied to YouTube and other websites we visit
09-22-2022 11:21 PM
Hey @Vuqar.Musazada ,
So think about how URL filtering works - When user web request hit the firewall it will try to inspect the HTTP header to identify the requested URL. If the traffic is encrypted, firewall will use the SNI from TLS negotiation to figure out at least what domain/hostname the user has requested.
Once the URL is extracted firewall will try to categorize it and check if this selected category is allowed in your policy.
With Google cache user doesn't actually make a request for the required page, but instead he goes to webcache.googleusercontent.com. If you don't perform any SSL/TLS decryption firewall will only be able to get the SNI, which will be for the google webcache server, so URL filtering will think that user is going to google and will not have any visibilty what actual page is served from that cache.
In this case you can block any traffic to webcache.googleusercontent.com. This way you will prevent any user to use google cache.
Now the URL for the actual page is still present as URL parameter so it should be possible to block the actual page only if you apply SSL decryption and firewall have visibility over the full user request.
09-23-2022 12:29 AM
We do as you said but it doesn't work
09-23-2022 12:51 AM
So we have divided internet users into 3 groups
1) internet01 -full authorized ones
2) internet02 - relatively restricted
3)iternet03 - restricted
YouTube, Facebook and other sites are blocked for internet03 (url filtering, url catagory, Social Networking, Streaming Media...)
The block we have set works normally, when the notebook is disconnected from the company network and the Internet is shared with the phone, when you open a YouTube video, save the video and return to the office network, the block does not work (google chrome cache (because it remains in the cache memory). Because the session is not updated, the block is not applied to YouTube and other websites we visit
05-28-2023 09:22 PM
Hello,
According to my testing, you also need to block "quic" app too. After then, you can block specific URLs even users are using google cache.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
