Blocking specific subdirectory of domain
You would need to build a custom IPS signature and set the action to drop.
I would start by finding the FortiOS custom IPS signature documentation and build a signature. For HTTPS you will need SSL/TLS decoding in order to see the requested in the body.
It should look similar to this:
config ips custom
    edit web-block
        set signature "F-SBID( --name \"web_heise\"; --pattern \"Host|3A|www.heise.de/forum\"; --no_case; --protocol tcp; --dst_port 80; --default_action drop; --flow from_client; )"
    next
end
You would write one for HTTP and HTTPS and apply the IPS rule in your firewall policy that allows traffic to the website.
Ken Felix
PCNSE
NSE
StrongSwan
You can build a web filter profile, but in each case SSL decryption is going to be needed. Filtering by SNI is not going to be helpful since the Host: header is not part of the SNI extension.
Ken Felix
PCNSE
NSE
StrongSwan
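
The dependence on decryption discussed above, as an added example that is not part of any post in this thread and is not FortiOS code: a Python sketch of the host-plus-path match an inspecting device has to make on the decrypted request. The names BLOCKED, parse_request and should_block and the sample requests are constructed for illustration; the match normalizes case, port, percent-escapes and dot segments first, and returns None when only a TLS hostname (SNI) is visible.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed rule: the host and subdirectory discussed in the thread.
BLOCKED = [("www.heise.de", "/forum")]

def norm_host(value):
    """Lowercase the host, drop any port and trailing dot."""
    return (urlsplit("//" + value).hostname or "").rstrip(".")

def norm_path(target):
    """Drop the query, decode percent-escapes once, collapse dot segments and slashes."""
    path = unquote(target.split("?", 1)[0])
    return "/" + posixpath.normpath("/" + path).lstrip("/").lower()

def parse_request(raw):
    """Return (host, path) from the head of a decrypted HTTP/1.x request."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    target = lines[0].split(" ")[1]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    if target.startswith("/"):  # origin-form: the host comes from the Host header
        return norm_host(headers.get("host", "")), norm_path(target)
    parts = urlsplit(target)    # absolute-form, as sent to an explicit proxy
    return norm_host(parts.netloc), norm_path(parts.path)

def should_block(host, path=None):
    """True/False once the path is known; None when only a hostname (SNI) is known."""
    for blocked_host, prefix in BLOCKED:
        if norm_host(host) == blocked_host:
            if path is None:
                return None  # /forum cannot be told apart from the rest of the site
            # Whole path segments only, so /forums-archive is not caught by /forum.
            if path == prefix or path.startswith(prefix + "/"):
                return True
    return False

# Constructed sample requests (what the device sees after TLS decryption).
SAMPLES = [
    b"GET /forum/thread?id=1 HTTP/1.1\r\nHost: WWW.Heise.de:80\r\n\r\n",
    b"GET /news/../%46orum HTTP/1.1\r\nHost: www.heise.de\r\n\r\n",
    b"GET /forums-archive HTTP/1.1\r\nHost: www.heise.de\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        host, path = parse_request(raw)
        print(host, path, should_block(host, path))
    print("SNI only:", should_block("www.heise.de"))
```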
