SA520 Content Filtering

Unanswered Question
Sep 16th, 2010

We have an SA520 and want to enable content filtering.

However, we found that the user can bypass the URL filter easily if the site provides HTTPS service.


For example, we want to block Facebook, and we have entered facebook in the block list.

If the user browses using http://www.facebook.com, it blocks.

However, when the user uses https://www.facebook.com, it works!


Is there any solution to close this backdoor?

nmanglik Fri, 09/24/2010 - 16:53

Hi,


Currently the SA500 supports content filtering only on port 80.


Thanks,

Nitin.

Eckhard Eilers Mon, 03/05/2012 - 10:16

sorry, maybe I am misunderstanding this issue, but on my 520 https content is also filtered.


firewall -> content filtering -> http port: 80, 443; web components: all ticked.

firewall -> content filtering -> blocked urls: www.facebook.com: website, facebook: URL Keyword


what am I doing wrong ... ? ;-)


kind regards


eckhard

jasbryan Tue, 03/06/2012 - 08:02

Eckhard,


When the other engineer said the SA500 only filters content on port 80, we can only filter normal unencrypted web traffic. Since HTTPS is encrypted, the router can't read the content that the end user is accessing. Since the router can't read this content because it is encrypted, we can't filter any content that uses HTTPS or 443 traffic. That being said, some people filter at the DNS query, as I do. Instead of trying to block at content, we can block the DNS query. OpenDNS is a good way to accomplish blocking at the DNS level.


Just an example: if I am blocking content for facebook.com,

then if I use http://facebook.com then I should get blocked.

If I use https://facebook.com then, since the traffic is being encrypted by the end user, the router can't read any encrypted content, therefore allowing the connection....


hope this explains further.


Jasbryan

MICHAEL JOHNSON Thu, 05/10/2012 - 10:21

That does not make any sense. The URL is not encrypted so URL filtering should be able to block access to the URL. Real content filtering solutions such as SonicWall, Websense etc. seem to be able to block HTTPS site access. I'm positive this is just a Cisco SA520 shortcoming in that it only blocks port 80 URL access.
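
What a filter can read in each of the two cases the thread compares, as an added example that is not part of any post above and is not Cisco's implementation: a plain HTTP request exposes host and path, while a TLS connection exposes only the hostname the client sends in the ClientHello's server_name (SNI) extension. The block keyword comes from the thread; the sample inputs, the ClientHello builder and all function names are constructed for illustration.

```python
import struct

BLOCKED = ("facebook",)  # URL keyword from the thread's block list

def http_host_and_path(request: bytes):
    """Port 80: the request line and Host header cross the router in clear text."""
    lines = request.split(b"\r\n")
    path = lines[0].split(b" ")[1].decode()
    host = next((l.split(b":", 1)[1].strip().decode()
                 for l in lines[1:] if l.lower().startswith(b"host:")), None)
    return host, path

def tls_sni(record: bytes):
    """Port 443: return the ClientHello server_name, or None if not visible."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:    # handshake record, ClientHello
            return None
        body = record[5:]
        p = 4 + 2 + 32                                # handshake header, version, random
        p += 1 + body[p]                              # session id
        p += 2 + struct.unpack_from("!H", body, p)[0] # cipher suites
        p += 1 + body[p]                              # compression methods
        end = p + 2 + struct.unpack_from("!H", body, p)[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, p)
            p += 4
            if ext_type == 0:                         # server_name extension
                name_len = struct.unpack_from("!H", body, p + 3)[0]
                return body[p + 5:p + 5 + name_len].decode()
            p += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                          # truncated or malformed record
    return None

def is_blocked(name):
    return name is not None and any(k in name.lower() for k in BLOCKED)

def build_client_hello(hostname: str) -> bytes:
    """Constructed sample: minimal ClientHello carrying only an SNI extension."""
    name = hostname.encode()
    entry = struct.pack("!BH", 0, len(name)) + name   # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0, len(sni)) + sni
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

On port 443 the hostname in the ClientHello is the only name on the wire; the request path and page body travel in encrypted records, so matching anything past the hostname requires TLS interception or a control at another layer such as DNS.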
