Blocking specific subdirectory of domain

Author
Steffi
2021/02/06 13:24:43 (permalink)

Blocking specific subdirectory of domain

Hello!

I would like to access the following url: www.heise.de

But I would like to block all subfolders/subdirectories, like www.heise.de/forum, www.heise.de/forum/startseite etc.

The site is https, I have a Fortigate 30d with latest 5.8 fw, webfilters working. I tried everything with filters, at least everything that I know of. I can of course block the whole domain, but not the subdirectories of their forum. I suspect it has something to do with the https.

Reason: I want to block myself from posting in their forum, but I still want to consume the news😃

Any help?

Thx.
post edited by Steffi - 2021/02/06 13:27:21
#1
emnoc
Re: Blocking specific subdirectory of domain 2021/02/06 23:44:03 (marked Helpful by Steffi 2021/02/07 07:00:12)
You would need to build a custom ips signature and set the action to drop.
 
I would start by finding the fortios custom ips-signature documentation and build a signature. For HTTPS you will need ssl/tls decoding in order to see the requested in the body.
 
It should look similar to this:

config ips custom
  edit web-block
    set signature "F-SBID( --name \"web_heise\"; --pattern \"Host|3A|www.heise.de/forum\"; --no_case; --protocol tcp; --dst_port 80; --default_action drop; --flow from_client; )"
  next
end
 
You would write one for http and https and apply the ips rule in your firewall policy that allows traffic to the website.   
 
Ken Felix
 
 
post edited by emnoc - 2021/02/06 23:46:43

PCNSE 
NSE 
StrongSwan  
#2
Steffi
Re: Blocking specific subdirectory of domain 2021/02/07 01:39:51
Thx for your answer.

So, as I can see from your answer, it should not be possible with a simple URL filter (simple, regex or wildcard), right? I can also see that SSL deep inspection is needed. I know it is not difficult to implement, but in my case it is too much for a simple URL block.
#3
emnoc
Re: Blocking specific subdirectory of domain 2021/02/07 06:47:25 (marked Best Answer by Steffi 2021/02/07 07:00:18)
You can build a web filter profile but in each case ssl decryption is going to be needed. Filtering by SNI is not going to be helpful since the Host: header is not part of the SNI extension.
 
Ken Felix
 
 

PCNSE 
NSE 
StrongSwan  
#4
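An added example (not part of any post in this thread, and not FortiOS code) of the visibility difference discussed above: without decryption a filter can read only the SNI hostname from the TLS ClientHello, while the Host header and the request path appear, as two separate fields, only in the decrypted HTTP request. The ClientHello bytes, the sample request and all function names are constructed for illustration.

```python
import struct

SAMPLE_REQUEST = "GET /forum/startseite HTTP/1.1\r\nHost: www.heise.de\r\n\r\n"  # constructed

def build_client_hello(hostname):
    """Constructed sample: minimal TLS ClientHello record with only an SNI extension."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    # extension 0 = server_name: extension length, then server name list length
    ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00"                   # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                 # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 22 = handshake

def fields_from_tls(record):
    """What a filter sees without decryption: the SNI hostname, never a path."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return {"host": None, "path": None}
        p = 43                                                  # past headers, version, random
        p += 1 + record[p]                                      # session id
        p += 2 + int.from_bytes(record[p:p + 2], "big")         # cipher suites
        p += 1 + record[p]                                      # compression methods
        p, end = p + 2, p + 2 + int.from_bytes(record[p:p + 2], "big")
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", record[p:p + 4])
            if etype == 0:                                      # list len, name type, name len, name
                nlen = int.from_bytes(record[p + 7:p + 9], "big")
                return {"host": record[p + 9:p + 9 + nlen].decode("ascii"), "path": None}
            p += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                                    # truncated or malformed record
    return {"host": None, "path": None}

def fields_from_http(request):
    """What a filter sees after TLS decryption: Host header and path as separate fields."""
    request_line, *headers = request.split("\r\n")
    path = request_line.split(" ")[1].split("?")[0]
    host = next((h.split(":", 1)[1].strip() for h in headers if h.lower().startswith("host:")), None)
    return {"host": host, "path": path}

def decide(fields, blocked_host, blocked_prefix):
    if fields["host"] is None or fields["host"].lower() != blocked_host:
        return "allow"
    if fields["path"] is None:
        return "undecidable"                                    # host matches, path is encrypted
    path = fields["path"].lower()
    return "block" if path == blocked_prefix or path.startswith(blocked_prefix + "/") else "allow"
```

The ClientHello is byte-for-byte the same whether the browser is about to request the news page or the forum, so a filter limited to SNI can only allow or block the whole hostname.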