[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] URL Screening with external Proxy
Why not just put a rule in the firewall that says: Proxy Server -> www..ch any reject ? Then any connections to www..ch from the proxy server will be rejected AND you can see in the proxy server logs who is trying to connect to www.xxx.ch. Thanks and Regards, Kevin Martin <[email protected]> TD Options, LLC Security Officer 230 S. LaSalle, 6th Floor Chicago, IL 60604 T:F:-----Original Message----- From: Klaus Gribi [mailto:[email protected]] Sent: Friday, August 23, 2002 7:31 AM To: [email protected] Subject: [FW-1] URL Screening with external Proxy Hi all I'm using a CP FW 4.1 SP5 on NT 4.0 SP 6a. The following network layout is in place: Intranet --- My Firewall --- Proxy Server --- Other Firewall --- Internet The Web Browser client in the Intranet connects via the proxy on port 8080 to the Internet. Everything is working fine. Now, I should block a special Web Site (www.xxx.ch). On "My Firewall" I created the following rule before the proxy rule: Source "Intranet", Destination "Proxy Server", Service "tcp8080->badweb", Action "Reject" Resource: Name: badweb Connection Methods: Proxy URI Match: WildCards Schemes: http Methods: get, post, head, put Host: www.xxx.ch Path: * Query: * Replacemnet Uri: Intranet-Site HTML Weeding: nothing selected Response Scanning: nothing selected CVP Server: none Well all Proxy connections are then rejected instead of only www.xxx.ch. Tried to replace service "tcp8080" with "http->badweb" with the same result. Any? Thanks. Regards Klaus ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|