
Basic question: Blocking/Whitelisting IP addresses

Hi,

I am wondering how to whitelist or block IP addresses. There is a property for Client.IP but I do not find a Destination.IP. There is one called URL.Destination.IP but this is for IPs that result from a DNS lookup (e.g. user enters hostname).

What if the user does not enter a hostname but an IP address? Would I use the URL.Host property for this and just put the IP address in a list?

Thanks

1 Solution

Accepted Solutions
McAfee Employee
Message 5 of 11

Re: Basic question: Blocking/Whitelisting IP addresses

The property will trigger MWG to perform a lookup on the requested resource...

So, if you request www.mcafee.com, MWG will lookup the IP for www.mcafee.com (12.234.113.129).

If you requested a nonexistent domain like "www.mcafee123def.com" it would return 255.255.255.255 because it doesn't exist in DNS.

Yes, URL.Host would be the IP address if an IP was requested. However, if your intention is to block a specific IP, then you should use URL.Destination.IP, because URL.Host would only contain the IP if it was requested in that manner.

i.e. I want to block 12.234.113.129

If I used URL.Host equals 12.234.113.129, with action block.

Result: I could access the site by using www.mcafee.com

If I used URL.Destination.IP equals 12.234.113.129, with action block

Result: I cannot access the site by name or IP

Best,

Jon

10 Replies
McAfee Employee
Message 2 of 11

Re: Basic question: Blocking/Whitelisting IP addresses

URL.Destination.IP is what you are looking for.

URL.Destination.IP is the IP of the requested URL, or in the case it's requested by IP, it's the IP.

Best,

Jon

Re: Basic question: Blocking/Whitelisting IP addresses

Thanks Jon.

What does the description of the property really mean? It says "does DNS lookup, 255.255.255.255 if failed".

Also just to make sure: If I use this property with a block action, IP addresses I used in a corresponding list will be blocked?

Re: Basic question: Blocking/Whitelisting IP addresses

Oh, and one more (sorry): If I use URL.Host and use a string list and put an IP address in there, does that match as well?

Re: Basic question: Blocking/Whitelisting IP addresses

Awesome, thank you Jon!

Re: Basic question: Blocking/Whitelisting IP addresses

Hi Jon,

I have to revisit this question:

Say I want to exclude certain hosts and IPs from SSL scanning. I did something like this:

http://d.pr/i/HDHj+

As you can see, I referenced the same wildcard list for both properties. Is this valid or should I use a separate IP list for the URL.Destination.IP property?

Thanks

Sascha

McAfee Employee
Message 8 of 11

Re: Basic question: Blocking/Whitelisting IP addresses

It's valid, but I wouldn't do it because it could be confusing. Do I add a host or do I add an IP address? Plus it means that MWG will have to evaluate all the hosts you have in the list against the IP address, which will never match.

There is no need to use wildcards with IP addresses, when you can use ranges or single IPs.

Ranges can be specified in formats like: 10.1.1.1-10.1.1.255, 10.1.1.0/24

I would use a separate list for the IP related items.

Best,

Jon

Level 15
Message 9 of 11

Re: Basic question: Blocking/Whitelisting IP addresses

...and don't forget, IP Ranges can be a single IP like 10.1.1.1/32

I hate it when you use an IP list as opposed to an IP range list for these things. Personal pet peeve.

Re: Basic question: Blocking/Whitelisting IP addresses

eelsasser wrote:

...and don't forget, IP Ranges can be a single IP like 10.1.1.1/32

I hate it when you use an IP list as opposed to an IP range list for these things. Personal pet peeve.

Good point. Will be using IP Ranges.

I just thought I could make life easier by only having to maintain one list instead of two.

Thanks!
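
The difference between matching on URL.Host and on URL.Destination.IP, together with the range formats mentioned in the replies (dash range, CIDR, single /32), modelled as an added example. This is not part of the original thread and is not MWG code; the resolver table, function names and the string-equality model of a host list are assumptions made for illustration.

```python
import ipaddress

# Constructed resolver table standing in for DNS (name and address taken from the thread).
DNS = {"www.mcafee.com": "12.234.113.129"}
# Value the thread says the property returns when the lookup fails.
LOOKUP_FAILED = ipaddress.ip_address("255.255.255.255")

def parse_range(entry):
    """Return (first, last) for 'a-b', CIDR notation, or a single address."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {entry}")
        return lo, hi
    net = ipaddress.ip_network(entry, strict=False)  # a bare IP parses as /32
    return net[0], net[-1]

def destination_ip(host):
    """Model of URL.Destination.IP: the literal IP if one was requested,
    otherwise the lookup result, or 255.255.255.255 if the lookup fails."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        addr = DNS.get(host.lower())
        return ipaddress.ip_address(addr) if addr else LOOKUP_FAILED

def blocked_by_host(host, host_list):
    """Model of a URL.Host rule: compares the requested host string only."""
    return host in host_list

def blocked_by_destination(host, range_list):
    """Model of a URL.Destination.IP rule checked against an IP range list."""
    ip = destination_ip(host)
    for lo, hi in map(parse_range, range_list):
        if lo.version == ip.version and lo <= ip <= hi:
            return True
    return False

if __name__ == "__main__":
    for requested in ("www.mcafee.com", "12.234.113.129"):
        print(requested,
              "host rule:", blocked_by_host(requested, ["12.234.113.129"]),
              "destination rule:", blocked_by_destination(requested, ["12.234.113.129/32"]))
```
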
