Block internet access using Opera Mini

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Block internet access using Opera Mini

L3 Networker

Hi Gents,

I would like to configure palo Alto to block internet access via opera web browsers, as this browser can bypass my web-filter.

my Palo Alto License is only for Antivirus, Anti-Spyware, and Anti Vulnerability.

Regards,

1 accepted solution

Accepted Solutions

L4 Transporter

There is an app, opera-mini, which will detect the Opera Mini browser.  Opera mini operates by using a proxy server over SSL to retrieve all content.  Enabling SSL decryption will break the connection so layer 7 inspection of this traffic is not possible.  To block access just create a security policy with the opera-mini application and set the action to deny.

This application also covers the desktop Opera browser when used in the offroad mode.

View solution in original post

4 REPLIES 4

L7 Applicator

Palo Alto web filtering does not rely on any browser configuration.  Instead you would need to place the firewall in the final path that the traffic must cross on the way to the internet.  If the traffic crosses the firewall then a web filtering policy can be applied to the appropriate rule for the users.

The browser in use is not relevant, the web browsing traffic will be filtered per the configured rule.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L4 Transporter

There is an app, opera-mini, which will detect the Opera Mini browser.  Opera mini operates by using a proxy server over SSL to retrieve all content.  Enabling SSL decryption will break the connection so layer 7 inspection of this traffic is not possible.  To block access just create a security policy with the opera-mini application and set the action to deny.

This application also covers the desktop Opera browser when used in the offroad mode.

Thanks mate, great work.

it works very well.

In addition.. food for future thought.

When a web browser connects to any website, it sends what the browser is and version in the HTTP headers. You may be able to create a custom application which matches on that information and blocks it. You would want to test thoroughly but it may be possible.

You could also use the regex in the dlp engine to attempt this.

  • 1 accepted solution
  • 7021 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!