cancel
Showing results for 
Search instead for 
Did you mean: 

URL Blocking via HIP8

Jump to solution

Hello is there any way how to block specific URL ?

Tried DNS Blocking = not working for me.

Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

P.S. I've tried my rules on top level of fw rules.

Have anyone ever luck to block access to website like this ? Or this is not possible ?

1 Solution

Accepted Solutions
McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: URL Blocking via HIP8

Jump to solution

Hello is there any way how to block specific URL ?

Not within HIPS; try the SiteAdvisor product.

Tried DNS Blocking = not working for me.

Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

DNS Blocking, as well as FQDN blocking and TrustedSource, work when the local client is performing the DNS lookups.  In a proxy situation, where your Internet browser is set to a Proxy/PAC server, the local client is typically NOT doing the DNS lookup.  The browser request is handed off directly to the Proxy server, which does the DNS lookup.  I usually test with Telnet to force a local DNS lookup and connect out to verify if these features (DNS blocking, FQDN firewall rules, and TrustedSource) would block traffic properly.

3 Replies
Highlighted
dfo
Level 7
Report Inappropriate Content
Message 2 of 4

Re: URL Blocking via HIP8

Jump to solution

Hi

Correct, think about what the client gets when connected to a Proxy. HIPS cannot know more than the client provides, so when using any FQDN / DNS you can check against certain IP Adresses but when the Proxy does only provide his own it does not match. If you use a name HIPS need to let the System make a DNS resolve.

HIPS is not a URL filter.

best regards

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: URL Blocking via HIP8

Jump to solution

Hello is there any way how to block specific URL ?

Not within HIPS; try the SiteAdvisor product.

Tried DNS Blocking = not working for me.

Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

DNS Blocking, as well as FQDN blocking and TrustedSource, work when the local client is performing the DNS lookups.  In a proxy situation, where your Internet browser is set to a Proxy/PAC server, the local client is typically NOT doing the DNS lookup.  The browser request is handed off directly to the Proxy server, which does the DNS lookup.  I usually test with Telnet to force a local DNS lookup and connect out to verify if these features (DNS blocking, FQDN firewall rules, and TrustedSource) would block traffic properly.

Re: URL Blocking via HIP8

Jump to solution

Thanks a lot I was hoping to get such response :] Actually just starting with SiteAdvisor but the problem is Browser supportability, so just waiting for new hotfix for latest IE and FF.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community