3 Replies Latest reply: Mar 20, 2014 10:02 AM by jaroslav_vykoukal RSS

    URL Blocking via HIP8

    jaroslav_vykoukal

      Hello is there any way how to block specific URL ?

      Tried DNS Blocking = not working for me.

      Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

       

      My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

       

      P.S. I've tried my rules on top level of fw rules.

       

      Have anyone ever luck to block access to website like this ? Or this is not possible ?

        • 1. Re: URL Blocking via HIP8
          dfo

          Hi

           

          Correct, think about what the client gets when connected to a Proxy. HIPS cannot know more than the client provides, so when using any FQDN / DNS you can check against certain IP Adresses but when the Proxy does only provide his own it does not match. If you use a name HIPS need to let the System make a DNS resolve.

           

          HIPS is not a URL filter.

           

          best regards

          • 2. Re: URL Blocking via HIP8
            Kary Tankink

            Hello is there any way how to block specific URL ?

            Not within HIPS; try the SiteAdvisor product.

             

             

            Tried DNS Blocking = not working for me.

            Tried specific Rule in FW to block all traffic for remote IP ( IP of website ) + FQDN ( entered what nslookup found )

             

            My assumption is that this is result of proxy settings on our environment that this is being routed via our proxy server thus resulting in different IP being used, however my impression was that HIP should be resolving the IP locally so blocking this even before it wil reach proxy .

             

            DNS Blocking, as well as FQDN blocking and TrustedSource, work when the local client is performing the DNS lookups.  In a proxy situation, where your Internet browser is set to a Proxy/PAC server, the local client is typically NOT doing the DNS lookup.  The browser request is handed off directly to the Proxy server, which does the DNS lookup.  I usually test with Telnet to force a local DNS lookup and connect out to verify if these features (DNS blocking, FQDN firewall rules, and TrustedSource) would block traffic properly.

            • 3. Re: URL Blocking via HIP8
              jaroslav_vykoukal

              Thanks a lot I was hoping to get such response :] Actually just starting with SiteAdvisor but the problem is Browser supportability, so just waiting for new hotfix for latest IE and FF.