cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hello all,

We need  a solution to block this URL:

 

    URL is “https://chrome.google.com/webstore/detail/book-tatkal-irctc-tickets/nhonmhlmindhibcdebmedakhmaifmoll

-          URL contains “nhonmhlmindhibcdebmedakhmaifmoll” - string represents plugin ID

We have a "Global URL Website Blocklist" were we put the exact URL, but is not blocked.
When we are making troubleshooting on the proxy we see that request from any browser is just "https://chrome.google.com" not the all URL and is not matching our entry.

How can we resolve this issue?

Regards,

Vlad,GIT NetSec

Labels (1)
1 Solution

Accepted Solutions
McAfee Employee mkutrieba
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hi,

 

as mentioned above:

"You will only see the complete URLs in a HTTPS connection if SSL scanner is triggered for this request, otherwise you will only see the URL host."

 

Since SSL inspection is needed to look inside the connection it is not possible to set URL path as criteria since you do not see/know the path before SSL scanner is triggered.

You can only use URL host as criteria for entering or bypassing SSL scanner.

 

Regards,

Marcel

8 Replies

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Specific request :

how to filter and block google chrome extensions

McAfee Employee mkutrieba
McAfee Employee
Report Inappropriate Content
Message 3 of 9

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hi Sir,

 

do you have SSL scanner in place?
You will only see the complete URLs in a HTTPS connection if SSL scanner is triggered for this request, otherwise you will only see the URL host.

 

I have configured a test rule in Global Whitelist rule set (placed below SSL scanner/HTTPS scanning) and configured:
URL matches *nhonmhlmindhibcdebmedakhmaifmoll

The request is then blocked as expected.

 

Please notice that some further work needs to be done when deciding to enable SSL scanner.
At first, let us know if you already use this or further information is needed.

 

Regards,

Marcel

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hello Marcel,

 

You are right. 
Once we enabled the content inspection we were able to see the full url.

 

Regards,

Vlad

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Marcel,


I have the following question :

-- we enabled the ssl inspection --with the following features :

Handle connect call - default
Certificate Verification - default
Content Inspection - default

And now we can see the full url in the trace and we are able to block it under
Global URL Website Blocklist -> URL -> Block (as per our config).

 

But i don t fully understand what is the process behind this, that makes it work now.

Would you please share some documentation that will help me understand.

 

I noticed that we are now breaking the ssl -- but we would like to do this without breaking the ssl .

Or to activate the ssl scanner only for particular sites not for all traffic.

 

Regards.

 

 

 

McAfee Employee mkutrieba
McAfee Employee
Report Inappropriate Content
Message 6 of 9

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hi,

 

you will find further documentation under "HTTPS Inspection" here in our best practices guides:

https://community.mcafee.com/t5/Documents/McAfee-Web-Gateway-Best-Practices-and-Common-Scenarios/ta-...

 

Yes, you break up the SSL Traffic. This needs to be done to see the traffic inside the connection. If you don't, you will only see the URL host since this connection is encrypted.

 

If you want to do this for only specific websites you could add a bypass rule to SSL scanner where you only allow specific websites (URL hosts) to run into SSL scanner rule set.

For example:

URL.Host (is not/does not) match in list <list>, Action: Stop Rule Set


Regards,

Marcel

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hello Marcel,

 

Under Handle connect call--- settings

  -- we set it up to match command.name == connect (default )  or url.path (the url we were interested to block/inspect).

Under Handle connect call, in leaf rule -->  Enable certificate verification --- here we specified the url.host.

Certificate Verification - default settings
Content Inspection - default settings.

 

And now we can see the full url that we wanted to block and we are not breaking ssl for other urls on same url.host (domain) or other domains.

 

Regards,

Vlad

 

 

 

 

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hey,

 

I want to ask you if it is possible to inspect ssl traffic only for a specific url and the traffic for other urls on the same domain not to be inspected.

Regards,

Vlad

 

 

 

McAfee Employee mkutrieba
McAfee Employee
Report Inappropriate Content
Message 9 of 9

Re: Mcafee MWG how to block from google webstore access to a certain plugin

Jump to solution

Hi,

 

as mentioned above:

"You will only see the complete URLs in a HTTPS connection if SSL scanner is triggered for this request, otherwise you will only see the URL host."

 

Since SSL inspection is needed to look inside the connection it is not possible to set URL path as criteria since you do not see/know the path before SSL scanner is triggered.

You can only use URL host as criteria for entering or bypassing SSL scanner.

 

Regards,

Marcel

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.