New Member
Posts: 2
Registered: ‎06-05-2018

Requirement to block outbound http traffic that uses IP in the URL

Hello,

 

I would like to prevent traffic leaving my network that uses any IP in its URL, for example http://1.2.3.4/ rather than using a Domain, http://website.example

 

I cannot see a specific function in the Unified SG configuration screen, so would be grateful for any guidance on this matter.

 

Many thanks in advance.

Member
Posts: 263
Registered: ‎12-12-2015
Kudos: 94
Solutions: 10

Re: Requirement to block outbound http traffic that uses IP in the URL

It is not possible to use the USG to distinguish http/https traffic with and without a name in the URL.  Your only option is to block all traffic and then setup a http/https proxy that will enforce those standards but you will need to reconfigure the clients to use it.

Established Member
Posts: 1,670
Registered: ‎11-12-2015
Kudos: 460
Solutions: 47

Re: Requirement to block outbound http traffic that uses IP in the URL


@bobflemming wrote:

Hello,

 

I would like to prevent traffic leaving my network that uses any IP in its URL, for example http://1.2.3.4/ rather than using a Domain, http://website.example

 

I cannot see a specific function in the Unified SG configuration screen, so would be grateful for any guidance on this matter.

 

Many thanks in advance.


Why???

 

New Member
Posts: 2
Registered: ‎06-05-2018

Re: Requirement to block outbound http traffic that uses IP in the URL

Thanks for the reply @Brontide, it's good to know I've not missed the setting somewhere in the menus.

 

But to echo @phk46's frustration, this is a serious failing of the Security Gateway.  Hopefully someone from Ubiquiti will follow up on this thread.

Member
Posts: 263
Registered: ‎12-12-2015
Kudos: 94
Solutions: 10

Re: Requirement to block outbound http traffic that uses IP in the URL

It's impossible for a layer 3 firewall to block things that are occuring at layer 7.  Your best option if you need that level of control is to block all traffic and install the apporpriate outbound proxies.

Established Member
Posts: 1,670
Registered: ‎11-12-2015
Kudos: 460
Solutions: 47

Re: Requirement to block outbound http traffic that uses IP in the URL


@bobflemming wrote:

To echo @phk46's frustration, this is a serious failing of the Security Gateway.  Hopefully someone from Ubiquiti will follow up on this thread.


That wasn't what I meant. I was asking why you would want to impose this restriction.