cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 3

Allow access to website, problem with js css in CDN

Hi everyone,

I have problem with the internet rules. Right now the default rule is everyone have no access to internet, only the whitelisted website (URL) are allowed.

The problem is, many many website include the css, js ... in CDN or another hosting, so the whitelisted page can access but can not load the CDN scripts. Is there any solution on this.

I am new with MWG, sorry if the issued already raised in somewhere else.

2 Replies
mkutrieba
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Allow access to website, problem with js css in CDN

Hello @Former Member,

It is possible using "Referer" Header. There were also many users who blocked by category and allowed specific URLs and wondered why only half the website is shown, as 10 different URLs are requested in background to get further data.

If you access youtube.com and youtube triggers another automatic request in background to load a video from www.gogolevideo.com, then this request contains a header called "Referer" which contains the value "https://www.youtube.com/" so that it knows, where it comes from.

So you can make a rule like this:
Referer rule.PNG

 

 

And it works/looks like this and the rule matches:

Referer Rule Trace.PNG

IMPORTANT: This only works for HTTPS sites when SSL Scanner is enabled and was triggered as the Referer header is a HTTP header which is encrypted in HTTPS. So SSL Scanner is required to break SSL traffic so that MWG can actually see this header to read out its value.

Regards,
Marcel Kutrieba
Technical Support Engineer

If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 3

Re: Allow access to website, problem with js css in CDN

Please note that it is possible to fake Referer headers and it is also possible that embedded objects are loaded via Javascript/Ajax, so no referrer header is present.

The nature of HTTP is that it is stateless, so there is not really a reference between the different requests, so apart from additional whitelisting there is no automatic way to allow all embedded objects of a web site.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community