Ironport S370 v7.1.2 add filter to https://www.google.com/recaptcha/api/siteverify/

charlie.barr · ‎06-07-2017

I'm new to this, so I apologize if this has been answered 1K times and I'm not smart enough to put together the proper search terms. I'd like to know if it's possible, and if yes how to, add a rule to the Ironport S370 to allow requests from my servers to the specific URL https://www.google.com/recaptcha/api/siteverify/ but nothing else at google.com? Any help would be greatly appreciated.

Handy Putra · ‎06-11-2017

This can be achieved by using regular expressions in the custom URL categories.

However since this is HTTPS connection and in order for the S370 to read anything after the parent domain such as www.example.com/link1, the connection will need to be decrypted (HTTPS proxy need to be enabled) first otherwise S370 can only see connection to www.example.com.

Once HTTPS connection being decrypted, it will then use access policy (in which you can include your custom URL category with regular expression in it only for that specific link).

Simple scenario for this:

1. HTTPS enable

2. Decrypt google.com from decryption policy

3. Create Custom URL category and use regular expression such as:

/www.google.com/recaptcha/api/siteverify/

or if you dont care the parent domain and only want to have "recaptcha" word in the destination link, you can use below:

/recaptcha/*

4. Access Policy that block google or all search engine category

5. Create a new access policy on the top of step# 4 and include the custom URL category that set to "Allow"

Doing the above will allow only that link while still blocking the rest of google traffic.

Regards

Handy Putra