cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2855
Views
0
Helpful
7
Replies

Sourcefire URL Filtering

Hi all,

I have one question about Sourcefire URL Filtering,

As I know Sourcefire does not support SSL Encryption/decryption,

My Question is How does it blocks HTTPS  Websites ? , eg:  https://facebook.com.

 

 

 

 

 

 

 

7 Replies 7

Sergio Garrido
Level 1
Level 1

Hi 

We have the same question a year ago. 

We block HTTPS website using the follow trick:

Step 1:

Go to Object Management -> URL -> Individual Objects -> Add URL

Set name to the URL object, and type the url, for example, to block

Facebook, type "facebook.com" unquoted.

Step 2:

Go to the rule in Access control policy and associate this object to the rule.

Step 3:

Apply all changes, wait a litle time until the control policy status go from 

"Appying to device" to "Policy Up-to-date on device"

Step 4:

Try your config.

 

I hope help you

 

 

Sergio,

Are you able to redirect the user to a custom webpage if they try to visit a HTTPS site or do they just wait for a timeout message to appear?

rcmcdermott11
Level 1
Level 1

With the 5.4.x version of code you can perform SSL encryption/decryption and apply policy.

Are you sure? I thought you couldn't do SSL decryption with SourceFire and that you required separate SSL hardware

 

Do you have any documentation that shows its possible now?

steveahughes
Level 1
Level 1

To answer your question about how SourceFire filters URL traffic from HTTPS sites.  SourceFire uses the Certificate name and SAN names that are sent from the remote end to your PC.  Although the packet is sent as DTLS, the SAN names can be read in clear text.  I have ran a packet capture to test.  

Thanks Steve

 

can you send me the packet capture, it would be useful for me to understand.

 

 

 


 

Review Cisco Networking for a $25 gift card