1 Reply Latest reply on Jul 5, 2016 10:20 PM by eelsasser

    Internet Filtering Protocol (IFP) Block Pages

    mvjames

      I have been unable to find any documentation on IFP (aside from what is in the MWG Product Guide), or its integration with other products. Intel Security Support has referred me here.

       

      We have Cisco Adaptive Security Appliance (ASA)'s Content Inspection configured to query an external policy/control server (MWG) via the Internet Filtering Protocol (IFP) [i.e. the smartcomputing via TCP 4005]. With the response message setting enabled, clients are redirected to a "block or informational page", which seems to be obtained from the standard HTTP Proxy ruleset flow. Block pages for IFP appear to be hosted on http://<Proxy.IP>:9090/mwg-internal/*****/. TCP 9090 is the MWG default port of the main HTTP Proxy.


      MWG can have multiple HTTP Proxy ports configured: 9090 (explicit), 9091 (for transparent redirect) and 9092 (authentication bypass). I could not find anywhere how to tell IFP to use a different proxy port for "messages". The only setting I saw under IFP was on whether a "message" (the block page) was sent back to the ASA or not. Is there a way to change this hosting port for IFP block pages, or is it hardcoded to use the default TCP 9090, or is it just using the first port configured in the HTTP Proxy section?

        • 1. Re: Internet Filtering Protocol (IFP) Block Pages

          When you set the IFP response to Send error message as a redirect, it will always use the first defined proxy port on the list.

          If you have a block action as a response to an IFP request, then the redirect URL will always be:

          http://$Proxy.IP$:$Proxy.Port$/mwg-internal/de5fs23hu73ds/IfpRedirect?sessionid=<random>

           

          However, you do not have to use a Block Action. If you want it to redirect to a custom page, you can use a Redirect Action, and set the Redirect.URL:

          IFP
          [✔] Enabled [✘] Disabled in Cloud
          Applies to: [] Requests [] Responses [] Embedded Objects
          1: Connection.Protocol equals "IFP"

          Enabled | Rule | Action | Events | Comments
          [✔] Enabled | Block (1: URL.Categories<URL Filter: Default> at least one in list URL Filter: Default Blocked Categories) | Redirect<Default> | Set Redirect.URL = "http://block.mwginternal.com/block.html" |
          [✔] Enabled | Stop (Always) | Stop Cycle | |

           

          Then the destination web server displays the block page.

           

          You can have MWG as the destination web server, and you can embed parameters into the block page URL and have the web server parse them and display them back on the block page.

           

          If you use Send error message in IFP, then you can have very small pieces of HTML returned to the client, but there is a size limit of 1024 bytes. Can't display much with HTML that small.
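A destination web server for the redirect described in the reply above could parse the embedded parameters as follows. This is an added example, not code from the thread or from MWG; the parameter names `url` and `category`, the listening address and the page layout are assumptions. Because the values arrive in a URL the client controls, each one is length-capped and HTML-escaped before it is displayed back.

```python
import html
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

MAX_LEN = 256                  # cap reflected values so a long URL cannot bloat the page
ALLOWED = ("url", "category")  # hypothetical parameter names embedded in Redirect.URL

PAGE = """<!doctype html>
<html><head><meta charset="utf-8"><title>Access blocked</title></head>
<body><h1>Access blocked</h1>
<p>Requested URL: <code>{url}</code></p>
<p>Category: {category}</p>
</body></html>"""


def parse_block_params(query_string):
    """Return only the allowed parameters: first value each, truncated."""
    parsed = parse_qs(query_string, keep_blank_values=True, max_num_fields=10)
    return {name: parsed.get(name, ["unknown"])[0][:MAX_LEN] for name in ALLOWED}


def render_block_page(query_string):
    """Build the block page; every reflected value is HTML-escaped."""
    params = parse_block_params(query_string)
    safe = {name: html.escape(value, quote=True) for name, value in params.items()}
    return PAGE.format(**safe)


def app(environ, start_response):
    """WSGI entry point: serve the block page with a restrictive CSP."""
    try:
        body = render_block_page(environ.get("QUERY_STRING", "")).encode("utf-8")
        status, ctype = "200 OK", "text/html; charset=utf-8"
    except ValueError:  # parse_qs raises when max_num_fields is exceeded
        body, status, ctype = b"Bad request", "400 Bad Request", "text/plain"
    start_response(status, [
        ("Content-Type", ctype),
        ("Content-Security-Policy", "default-src 'none'"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Length", str(len(body))),
    ])
    return [body]


if __name__ == "__main__":
    # Constructed sample query string, as a redirect might deliver it.
    print(render_block_page("url=http%3A%2F%2Fexample.test%2F%3Cb%3E&category=Gambling"))
    make_server("127.0.0.1", 8080, app).serve_forever()
```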