mvjames
Level 7

Internet Filtering Protocol (IFP) Block Pages

I have been unable to find any documentation on IFP (aside from what is in the MWG Product Guide), or its integration with other products. Intel Security Support has referred me here.

We have Cisco Adaptive Security Appliance (ASA)'s Content Inspection configured to query an external policy/control server (MWG) via the Internet Filtering Protocol (IFP) [i.e. the smartcomputing via TCP 4005]. With the response message setting enabled, clients are redirected to a "block or informational page", which seems to be obtained from the standard HTTP Proxy ruleset flow. Block pages for IFP appear to be hosted on http://<Proxy.IP>:9090/mwg-internal/*****/. TCP 9090 is the MWG default port of the main HTTP Proxy.


MWG can have multiple HTTP Proxy ports configured: 9090 (explicit), 9091 (for transparent redirect) and 9092 (authentication bypass). I could not find anywhere how to tell IFP to use a different proxy port for "messages". The only setting I saw under IFP was on whether a "message" (the block page) was sent back to the ASA or not. Is there a way to change this hosting port for IFP block pages, or is it hardcoded to use the default TCP 9090, or is it just using the first port configured in the HTTP Proxy section?

0 Kudos
1 Reply
eelsasser
Level 15

Re: Internet Filtering Protocol (IFP) Block Pages

When you set the IFP response to Send error message as a redirect, it will always use the first defined proxy port on the list.

If you have a block action as a response to an IFP request, then the redirect URL will always be:

http://$Proxy.IP$:$Proxy.Port$/mwg-internal/de5fs23hu73ds/IfpRedirect?sessionid=<random>

However, you do not have to use a Block Action. If you want it to redirect to a custom page, you can use a Redirect Action, and set the Redirect.URL:

Rule set: IFP
[✔] Enabled   [✘] Disabled in Cloud
Applies to: [] Requests [] Responses [] Embedded Objects
Criteria:
    1: Connection.Protocol equals "IFP"

Rules (Enabled / Rule / Action / Events / Comments):

[✔] Enabled   Block
    Criteria: 1: URL.Categories<URL Filter: Default> at least one in list URL Filter: Default Blocked Categories
    Action:   Redirect<Default>
    Events:   Set Redirect.URL = "http://block.mwginternal.com/block.html"

[✔] Enabled   Stop
    Criteria: Always
    Action:   Stop Cycle

Then the destination web server displays the block page.

You can have MWG as the destination web server, and you can embed parameters into the block page URL and have the web server parse them and display them back on the block page.

If you use Send error message in IFP, then you can have very small pieces of HTML returned to the client, but there is a size limit of 1024 bytes. You can't display much with HTML that small.

0 Kudos
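Added example, not part of the reply above and not MWG code: a minimal destination web server for the Redirect.URL approach that parses parameters embedded in the block page URL and displays them back safely. The parameter names (url, category, client), the listening port 8080 and the sample request are assumptions made for illustration. The values originate from the blocked request, so they are HTML-escaped and length-capped before being reflected.

```python
# Added example: block page server for a Redirect.URL target.
# Parameter names (url, category, client) and port 8080 are assumptions.
import html
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

ALLOWED = ("url", "category", "client")  # hypothetical parameter names
MAX_LEN = 256                            # cap on each reflected value

PAGE = """<!doctype html>
<html><head><meta charset="utf-8"><title>Access blocked</title></head>
<body><h1>Access blocked</h1>
<table>
{rows}
</table></body></html>"""

def render_block_page(request_target):
    """Build the block page from the query string of the redirect URL."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    rows = []
    for name in ALLOWED:                 # parameters not in ALLOWED are ignored
        if name in params:
            value = params[name][0][:MAX_LEN]
            # Escape before reflecting: whoever triggered the blocked
            # request controls these values.
            rows.append("<tr><th>%s</th><td>%s</td></tr>"
                        % (name, html.escape(value, quote=True)))
    return PAGE.format(rows="\n".join(rows))

class BlockPage(BaseHTTPRequestHandler):
    def do_GET(self):
        body = render_block_page(self.path).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        # No scripts, styles or remote loads are needed on a block page.
        self.send_header("Content-Security-Policy", "default-src 'none'")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    # Constructed sample request carrying markup in the "url" value.
    sample = ("/block.html?url=http%3A%2F%2Fx.example%2F%3Cscript%3E"
              "alert(1)%3C%2Fscript%3E&category=Malware")
    print(render_block_page(sample))
    if "--serve" in sys.argv:
        HTTPServer(("127.0.0.1", 8080), BlockPage).serve_forever()
```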