URL Filtering For Inbound Servers

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL Filtering For Inbound Servers

L4 Transporter

Hi Team,

 

will it actually make sense to apply the URL Filtering for the Inbound traffic to our Internal Server?

Snow
4 REPLIES 4

Community Team Member

Hi @SubaMuthuram ,

 

I see one use-case where you could apply URL filtering to restrict the incoming URL to something specific ... in order to prevent folder hopping or directory searching.

 

Cheers,

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite

@SubaMuthuram,

There's some very specific scenarios where it can be useful in certain edge cases, but it's not generally something that I would worry about. Generally speaking creating custom App-IDs, and where needed vulnerability signatures for something like ECP in an on-prem Exchange environment, is more useful for the vast majority of environments. 

L4 Transporter

Hi Team,

 

Thanks for the reply, One of our client has the below issue, Whenever they trying to access their internal server from outside, in the URL filtering the traffic is categorized as Adult category and the URL showing xnxx.com

 

Please refer the below image,

 

SubaMuthuram_0-1648466341372.png

Please enlighten me what is the logic behind this, Is it indicating the traffic from malicious IP address. 

Snow

Cyber Elite
Cyber Elite

in the URL the customer is using, does it contain xnxx.com in any way? you may need to disable "log container pages only" in the url filtering profile to see this information

 

you could try the following:

create a custom url category containing the right URLs for the internal webserver

set the custom category in the services/url tab of the security rule

remove the url filtering profile from the security profiles

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 6007 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!