URL Filtering: Can't Block website when user use Google Cache

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL Filtering: Can't Block website when user use Google Cache

L1 Bithead
Hello, all

I want to block a website whe user user google cache or yotube,facebook.

In the past i tested everything ok, Palo Alto could block when user use google cach or youtube.

But today, Palo Alto can't block website when user use google cache ( But can block youtube,facebook )

Pls help me know why!!

Palo Alto Block website www.youtube.com

Palo ALto Block when user use yotube.comm,facebook.com

BUT Palo Alto Can't Block when user use google cache !!!!!!!!!!!!!!

Thanks

 

1 accepted solution

Accepted Solutions

So we have divided internet users into 3 groups
 1) internet01 -full authorized ones
 2) internet02 - relatively restricted
 3)iternet03 - restricted
 YouTube, Facebook and other sites are blocked for internet03 (url filtering, url catagory, Social Networking, Streaming Media...)
The block we have set works normally, when the notebook is disconnected from the company network and the Internet is shared with the phone, when you open a YouTube video, save the video and return to the office network, the block does not work (google chrome cache (because it remains in the cache memory). Because the session is not updated, the block is not applied to YouTube and other websites we visit

View solution in original post

4 REPLIES 4

Hey @Vuqar.Musazada ,

So think about how URL filtering works - When user web request hit the firewall it will try to inspect the HTTP header to identify the requested URL. If the traffic is encrypted, firewall will use the SNI from TLS negotiation to figure out at least what domain/hostname the user has requested.

Once the URL is extracted firewall will try to categorize it and check if this selected category is allowed in your policy.

 

With Google cache user doesn't actually make a request for the required page, but instead he goes to webcache.googleusercontent.com. If you don't perform any SSL/TLS decryption firewall will only be able to get the SNI, which will be for the google webcache server, so URL filtering will think that user is going to google and will not have any visibilty what actual page is served from that cache.

 

In this case you can block any traffic to webcache.googleusercontent.com.  This way you will prevent any user to use google cache.

 

Now the URL for the actual page is still present as URL parameter so it should be possible to block the actual page only if you apply SSL decryption and firewall have visibility over the full user request.

We do as you said but it doesn't work

 

block1.PNG

So we have divided internet users into 3 groups
 1) internet01 -full authorized ones
 2) internet02 - relatively restricted
 3)iternet03 - restricted
 YouTube, Facebook and other sites are blocked for internet03 (url filtering, url catagory, Social Networking, Streaming Media...)
The block we have set works normally, when the notebook is disconnected from the company network and the Internet is shared with the phone, when you open a YouTube video, save the video and return to the office network, the block does not work (google chrome cache (because it remains in the cache memory). Because the session is not updated, the block is not applied to YouTube and other websites we visit

Hello,

        According to my testing, you also need to block "quic" app too. After then, you can block specific URLs even users are using google cache.

WPA
  • 1 accepted solution
  • 2827 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!