cancel
Showing results for 
Search instead for 
Did you mean: 
pny
Level 7

WebGateway : Filter https-URL by URL-Path

Hi,

one of our customers wants youtube completely blocked, execpt for some disclamiers.

So what they only want to allow access to the following URLs :

https://www.youtube.com/copright 

https://www.youtube.com/user/copyright

Now when i try to define a "URL and Application Filtering Rule" with Regular Expression and/or GLOB Expressions it never matches that Rule.

When i test the Expression (either regex or glob) against the mentioned URL's they match. So i'm certain it's not a matching isssue.

regex-test.png glob-test.png

When i enter the domain (youtube.com) in a String-type List instead of a Wildcard Expression-type List, all of youtube.com is allowed. The webgate still does not respect the URL-Path.

In Troubleshooting => Ruletracing all i can see is the Host-Part of the URL like https://www.youtube.com but never the Path-Part of the URL eg. "/copyright".

troublesh.png

So the Question is, how can i allow or deny access to a HTTPS-URL, based on the URL-Path ?

Since we intercept all SSL Traffic, the Webgateway should be able to see the URL path, right ?

Any input is greatly appreciated

Regards,

Philipp

0 Kudos
1 Reply
McAfee Employee

Re: WebGateway : Filter https-URL by URL-Path

Hi Philipp,

There are a couple things to take into account here:

1. Before MWG will know the full URL, it must allow the first connection for the SSL tunnel (CONNECT and CERTVERIFY). All details about this are outlined here:

2. Once you have allowed the SSL tunnel connection, MWG will have the ability to filter the full URL as you want and expect:

Best Regards,

Jon

0 Kudos