Blocking specific subdirectory of domain | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB
Fuse
- Fuse Fortinet User Community

Mark Thread UnreadFlat Reading Mode ❐

AnsweredHot!Blocking specific subdirectory of domain

Author Post Essentials Only Full Version
Steffi New Member Total Posts : 15 Scores: 0 Reward points: 0 Joined: 2010/03/25 08:44:53 Status: offline 2021/02/06 13:24:43 (permalink) 0 Blocking specific subdirectory of domain Hello! I would like to access the following url: www.heise.de But I would like to block all subfolders/subdirectories, like www.heise.de/forum, www.heise.de/forum/startseite etc. The site is https, I have a Fortigate 30d with latest 5.8 fw, webfilters working. I tried everything with filters, at least that I know of. I can block of course the whole domain, but not the subdirectories to their forum. I suspect, it has something to do with the https. Reason: I want myself being blocked from posting in their forum, but still, I want to consume the news😃 Any help? Thx. post edited by Steffi - 2021/02/06 13:27:21 #1 See best answerList Solutions Only 3 Replies Related Threads
emnoc Expert Member Total Posts : 5979 Scores: 402 Reward points: 0 Joined: 2008/03/20 13:30:33 Location: AUSTIN TX AREA Status: offline Re: Blocking specific subdirectory of domain 2021/02/06 23:44:03 (permalink) ☄ Helpfulby Steffi 2021/02/07 07:00:12 0 You would need to build a custom ips signature and set the action to drop. I would start by finding the fortios custom ips-signature documentation and build a signature. For HTTPS you will need ssl/tls decoding in order to see the requested in the body. It should look similar to this ; config ips custom edit web-block set signature "F-SBID( --name \"web_heise\"; --pattern "Host\|3A\|www.heise.de/forum"; --no_case ; --protocol tcp; --dst_port 80; --default_action drop; --flow from_client; )" You would write one for http and https and apply the ips rule in your firewall policy that allows traffic to the website. Ken Felix post edited by emnoc - 2021/02/06 23:46:43 PCNSE NSE StrongSwan #2
Steffi New Member Total Posts : 15 Scores: 0 Reward points: 0 Joined: 2010/03/25 08:44:53 Status: offline Re: Blocking specific subdirectory of domain 2021/02/07 01:39:51 (permalink) 0 Thx for your answer. So, as I can see from your answer, it should not be possible with simple url filter (simple, regex oder wildcard), right? I can also see, that ssl deep inspection is needed. I know, not difficult to implement, but in my case, too much for an simple url block. #3
emnoc Expert Member Total Posts : 5979 Scores: 402 Reward points: 0 Joined: 2008/03/20 13:30:33 Location: AUSTIN TX AREA Status: offline Re: Blocking specific subdirectory of domain 2021/02/07 06:47:25 (permalink) ☼ Best Answerby Steffi 2021/02/07 07:00:18 0 You can build a web filter profile but in each case ssl decryption is going to be needed. Filtering by SNI is not going to be helpful since the Host: header is not part of the SNI extension. Ken Felix PCNSE NSE StrongSwan #4

Jump to:

© 2021 APG vNext Commercial Version 5.5