ProxySG & Advanced Secure Gateway

  • 1.  How to include URLs and IPs in Policy File for ProxySG

    Posted Jan 30, 2019 04:07 PM

    Hello,

    I'm very new to ProxySG, and I'm looking for help to write a simple policy file. I have a list of URLs and IPs that I want to block. After reading through the SG OS guide, I wrote the policies below, and was able to install them on the SG appliance. My questions are:

    • Is it necessary to define a separate condition for IPs, instead of creating a single condition for URLs and IPs? If it is, should I use "define subnet" instead of "define condition"? I saw that when I use "define subnet" I don't need to use client.address in front of the IPs
    • Do I need to prefix URLs with "http://"?

    Thanks!

    ; The list of URLs defined here is sent to a ProxySG device for blocking
    define url condition malicious_url
      http://dmdxsuxvlywxtlswclf.com
      http://ctfoidlsctrlkrlhmj.com
      http://galun.eu
      lotsofmalware.com
      get-some-free-software.ping.pong.com
    end
    
    ; List of malicious IPs
    define condition malicious_ip
      client.address=101.28.247.133
      client.address=60.190.243.206
      client.address=103.107.151.13
    end
    
    <proxy>
    ; Match the defined conditions and return a content_filter_denied exception page
      condition=(malicious_url, malicious_ip) exception(content_filter_denied)
    
    ; Rewrite the access log entry
      condition=(malicious_url, malicious_ip) log.rewrite."cs-categories"[main]("Blocked by the supplied URI list") log.suppress."cs-categories"[main](no)
    

     



  • 2.  RE: How to include URLs and IPs in Policy File for ProxySG
    Best Answer

    Posted Jan 30, 2019 09:56 PM

    Dear Valentin,

     

    • Is it necessary to define a separate condition for IPs, instead of creating a single condition for URLs and IPs? If it is, should I use "define subnet" instead of "define condition"? I saw that when I use "define subnet" I don't need to use client.address in front of the IPs

    Ans: Yes, you can define one condition for IPs and domains as well as subnets.

    If you want to allow or block an external IP, then you need to use url.address; if it is your client IP, then use client.address.

    define condition ip_domain
      url.domain=abc.com
      url.address=x.x.x.x
      url.address=x.x.x.x/24
    end

    <proxy>
      condition=ip_domain deny

     

    • Do I need to prefix URLs with "http://"?

    Ans:  Not required.

     

    BR

    Aboonaim

    ----------

    If you are satisfied with an answer, please click "Accept Solution"

     



  • 3.  RE: How to include URLs and IPs in Policy File for ProxySG

    Posted Jan 31, 2019 11:01 AM

    Thanks for the reply, Aboonaim!

    One clarifying question: Do I use url.domain as well to block FQDNs, or URLs to files?
    For example:

    www.get.some-malware.com

    pirate-bay.com/download/file.exe

     

    Valentin



  • 4.  RE: How to include URLs and IPs in Policy File for ProxySG

    Posted Jan 31, 2019 11:21 AM
    Dear Valentin,

    <proxy>
      url.domain=get.some-malware.com deny
      url.domain=piratebay.com deny

    You can also write a combined object too.

    BR

    ------------

    Aboonaim

    If you are satisfied with my answer, click on accepted solution
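
Added example (not from the thread and not vendor code): a Python generator that turns a mixed indicator list into the single combined condition described in reply 2, using `url.domain` for hostnames and `url.address` for destination IPs and subnets. The condition name, function names and sample feed are assumptions; URLs with a path are reduced to their host, as in reply 4, and malformed entries are rejected so that feed content cannot add lines to the policy.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample feed (documentation IP ranges, reserved example domains).
SAMPLE_FEED = [
    "http://bad.example.com/download/file.exe",
    "WWW.Malware.example.net",
    "203.0.113.7",
    "198.51.100.0/24",
    "https://203.0.113.7:8443/gate.php",  # same destination as the bare IP above
    "evil.example.org\n  ALLOW",           # malformed entry, must be rejected
]
HOSTNAME = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+")

def to_trigger(indicator):
    """Return the CPL trigger line for one indicator; raise ValueError if unusable."""
    item = indicator.strip()
    if not item or re.search(r"\s", item):
        raise ValueError(f"malformed indicator: {indicator!r}")
    try:  # bare IP or CIDR subnet: a destination, so url.address, not client.address
        net = ipaddress.ip_network(item, strict=False)
        return f"url.address={net if net.num_addresses > 1 else net.network_address}"
    except ValueError:
        pass
    # The scheme is optional; the path is dropped, so the whole host is blocked.
    host = urlsplit(item if "://" in item else "//" + item).hostname or ""
    try:
        return f"url.address={ipaddress.ip_address(host)}"
    except ValueError:
        pass
    if not HOSTNAME.fullmatch(host):  # non-ASCII names must be punycoded first
        raise ValueError(f"not a hostname: {indicator!r}")
    return f"url.domain={host}"

def build_policy(indicators, name="blocked_destinations"):
    """Return (CPL text, rejected entries) for a list of mixed indicators."""
    triggers, rejected = [], []
    for entry in indicators:
        try:
            line = to_trigger(entry)
            if line not in triggers:  # de-duplicate, keep feed order
                triggers.append(line)
        except ValueError:
            rejected.append(entry)
    body = "\n".join(f"  {t}" for t in triggers)
    return f"define condition {name}\n{body}\nend\n\n<proxy>\n  condition={name} deny\n", rejected

if __name__ == "__main__":
    print(build_policy(SAMPLE_FEED)[0])
```

Review the rejected list before installing the generated policy, since a dropped entry is a destination that stays reachable.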