cancel
Showing results for 
Search instead for 
Did you mean: 
haaris
Level 10

How to allow a specific URL with the path

I need to allow a URL https://www.Facebook.com/centralbankofindia but I am not able to do so,getting block page.

I tried URL.path and other way also but didn't get it right.

I need to allow that specific URL only.

Plz help me how can I achieve it in the best possible way.

Plz reply.

0 Kudos
9 Replies
feickholt
Level 10

Re: How to allow a specific URL with the path

did you use ssl interception? Otherwise the webgateway is not able to check the whole URL Path. without ssl interception the proxy knows only the domainpart.

0 Kudos
haaris
Level 10

Re: How to allow a specific URL with the path

Do you want to say that full path url will not work without ssl scanner???

Anyways I have enabled ssl scanner ruleset.

Can you tell me how to allow full URL.

Does anybody knows??

0 Kudos
feickholt
Level 10

Re: How to allow a specific URL with the path

No. This restriction belongs only to HTTPS Url. For HTTP you don't need SSL interception.

You can use the property URL to check against the whole URL.

0 Kudos
haaris
Level 10

Re: How to allow a specific URL with the path

But its not working with the current rule set..

Please help me with the same...

0 Kudos
feickholt
Level 10

Re: How to allow a specific URL with the path

You may attach your ruleset to see what will happen. Maybe there is another rule blocking facebook. Did you try a rule trace?

0 Kudos
Troja
Level 14

Re: How to allow a specific URL with the path

Hi all,

mentioned, without inspecting SSL traffic this is not possible.

If the user enters the URL the proxy ONLY sees a CONNECT Request.

No HTML Content or URL Path is visible for the proxy if SSL is not inspected.

You can easily check this with a TCP trace.

1) User types the URL of Central Bank of India | Facebook in the browser

2) The proxy "sees" the connect request to www.facebook.com:443

3) Now the key exchange starts between the endpoint and the webserver.

4) After the SSL connection is established between the endpoint and the webserver the HTTP content is transferred to the endpoint. As you can see in the screenshot, the proxy only "sees" encrypted TCP traffic.

Facebook Bank of India.jpg

Therefore, you cannot use most of the properties in the ruleset when not terminating SSL.

Hope this is useful and helps understanding,

Cheers

haaris
Level 10

Re: How to allow a specific URL with the path

I have enabled the SSL scanner, then why the URL is not working..

0 Kudos
Troja
Level 14

Re: How to allow a specific URL with the path

Hmmm,

can you do a Rule Trace under "Troubleshooting" -> "Rule trace central". There is another config change necessary if it does not work in your environment.
I will show you my analysis steps how to troubleshoot.

1) As you can see, Rule tracing central shows the whole reqeust

Facebook Bank of India.jpg

2) I definded an own debugging log to see how the properties are filled. Also a blocking rule with the following criteria

URL.path matches *centralbankofindia*

The result is a block of the request and a http response code 403

Facebook Bank of India 2.jpg

Perhaps there is another problem if it does not work in you environment,

Cheers

mbagheryan
Level 12

Re: How to allow a specific URL with the path

Hi Haaris,
May be you have to check this Document:

Very simple to do.

Enjoy.

M. B. M

0 Kudos