cancel
Showing results for 
Search instead for 
Did you mean: 

URL Blocking via HIP8

Jump to solution

Hello is there any way how to block specific URL ?

Tried DNS Blocking = not working for me.

Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

P.S. I've tried my rules on top level of fw rules.

Have anyone ever luck to block access to website like this ? Or this is not possible ?

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: URL Blocking via HIP8

Jump to solution

Hello is there any way how to block specific URL ?

Not within HIPS; try the SiteAdvisor product.

Tried DNS Blocking = not working for me.

Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

DNS Blocking, as well as FQDN blocking and TrustedSource, work when the local client is performing the DNS lookups.  In a proxy situation, where your Internet browser is set to a Proxy/PAC server, the local client is typically NOT doing the DNS lookup.  The browser request is handed off directly to the Proxy server, which does the DNS lookup.  I usually test with Telnet to force a local DNS lookup and connect out to verify if these features (DNS blocking, FQDN firewall rules, and TrustedSource) would block traffic properly.

0 Kudos
3 Replies
dfo
Level 7

Re: URL Blocking via HIP8

Jump to solution

Hi

Correct, think about what the client gets when connected to a Proxy. HIPS cannot know more than the client provides, so when using any FQDN / DNS you can check against certain IP Adresses but when the Proxy does only provide his own it does not match. If you use a name HIPS need to let the System make a DNS resolve.

HIPS is not a URL filter.

best regards

0 Kudos
McAfee Employee

Re: URL Blocking via HIP8

Jump to solution

Hello is there any way how to block specific URL ?

Not within HIPS; try the SiteAdvisor product.

Tried DNS Blocking = not working for me.

Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

DNS Blocking, as well as FQDN blocking and TrustedSource, work when the local client is performing the DNS lookups.  In a proxy situation, where your Internet browser is set to a Proxy/PAC server, the local client is typically NOT doing the DNS lookup.  The browser request is handed off directly to the Proxy server, which does the DNS lookup.  I usually test with Telnet to force a local DNS lookup and connect out to verify if these features (DNS blocking, FQDN firewall rules, and TrustedSource) would block traffic properly.

0 Kudos

Re: URL Blocking via HIP8

Jump to solution

Thanks a lot I was hoping to get such response :] Actually just starting with SiteAdvisor but the problem is Browser supportability, so just waiting for new hotfix for latest IE and FF.

0 Kudos