Description
This article describes how to use FortiGate to deny access to ChatGPT through a Google Chrome extension that would otherwise work even if the ChatGPT application is denied using Application Control.
Scope
FortiGate.
Solution
- Create an App Control profile that denies the ChatGPT signature and the QUIC protocol:
- Configure a Web Filter profile type proxy and configure the following static URL filter:
In the CLI:
config webfilter urlfilter
edit <ID>
set name <Name>
config entries
edit 1
set url "*.openai.*"
set type wildcard
set action block
next
edit 2
set url "sider.*"
set type wildcard
set action block
next
end
next
end
- Create a Firewall Policy with inspection mode set to the 'Proxy' type and enable 'deep-inspection'. To do so, install the SSL Certificate on the final PCs, and attach the Web Filter and App Control profiles previously created.
- As a result, if the ChatGPT Sidebar is not installed yet, the Chrome Extension cannot be added. If the ChatGPT Sidebar was installed previously, after logging in to it and attempting to use it, a 403 Forbidden error will appear instead of a reply from ChatGPT, and the Access Blocked Page will be triggered.
