Forum Discussion

rgk_76855
Nov 12, 2009

URL/Web Filtering

We are the core Internet backbone service provider; our core router is connected to the outside world for Internet services in our country. We have strong enforcement from our telecommunication authorities to block a few websites. Can anybody let us know how we can do URL/web filtering through an LTM iRule?

 

 

Thanks

RGK

8 Replies

  • Hi RGK,

    Here is a simple one that blocks access based on hosts using a datagroup

     
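     # Data group listing the hostnames to block (entries in lowercase)
     class blocked_hosts { 
       "wwwa.example.com" 
       "wwwb.example.com" 
       "wwwc.example.com" 
     } 

     when HTTP_REQUEST { 
        # Lowercase the Host header so the comparison is case-insensitive
        if { [matchclass [string tolower [HTTP::host]] eq $::blocked_hosts] } { 
           # Blocked host: answer with a 404 instead of forwarding the request
           HTTP::respond 404 
        } 
     } 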
     

    I hope this helps

    CB
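The data-group check in CB's reply compares the Host header as the client sent it. The same lookup with the header normalised first is shown here in Python as an added example that is not part of the original thread; `normalize_host`, `is_blocked` and `respond` are hypothetical names, and the sample Host values are constructed.

```python
# Added example: normalise the Host header before an exact-match blocklist lookup.
# BLOCKED_HOSTS mirrors the data group from the post; function names are hypothetical.

BLOCKED_HOSTS = {"wwwa.example.com", "wwwb.example.com", "wwwc.example.com"}


def normalize_host(host_header):
    """Reduce a raw Host header value to a bare lowercase hostname."""
    host = host_header.strip().lower()
    if host.startswith("["):
        # IPv6 literal such as "[2001:db8::1]:8080": keep what is inside the brackets.
        end = host.find("]")
        return host[1:end] if end != -1 else host
    # Drop an explicit port ("wwwb.example.com:80").
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    # A fully qualified name may carry a trailing dot ("wwwc.example.com.").
    return host.rstrip(".")


def is_blocked(host_header, blocked=BLOCKED_HOSTS):
    """True when the normalised host is an exact member of the blocklist."""
    return normalize_host(host_header) in blocked


def respond(host_header):
    """Status the filter would return: 404 for a blocked host, None to pass through."""
    return 404 if is_blocked(host_header) else None


# Constructed sample Host header values.
SAMPLES = [
    "wwwa.example.com",
    "WWWA.Example.COM",
    "wwwb.example.com:80",
    "wwwc.example.com.",
    "www.example.org",
    "[2001:db8::1]:8080",
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h!r:28} -> {respond(h)}")
```
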

  • CB's suggestion would work if you add an HTTP profile to the outbound HTTP virtual server. For HTTPS, you would need a cert--which all clients accept as valid for any external domain--in order to decrypt, inspect and modify the HTTP. I would be very curious to hear whether you have such a certificate and key...

    And I'm not sure I like the idea of helping a country's major backbone provider block access to external sites for the country. There are numerous ways to bypass such attempts as seen with the great firewall of China and the Iranian attempts at censorship.

    Aaron
  • Aaron, if you are talking about SSL interception, then as per my understanding Bluecoat can do this job very well, and I have no idea about the F5 ADC. Although I would say of ProxySG that it can transparently proxy the HTTPS traffic and send its own cert and key to all clients.

    For all clients, ProxySG will be the destination server, and if the destination is allowed then the proxy will create a new connection to the OCS on behalf of the request sent to the in-line ProxySG. If the requested OCS is not allowed then ProxySG will deny the request. This is how ProxySG breaks the SSL tunnel.

    I have no idea yet whether F5 LTM can do the same job as I elaborated above for Bluecoat ProxySG. If I am wrong then I request you to correct my understanding.

    I also request both of you, and all of you, to help me with the same task, which was given to me today: what solution is best for URL filtering?

    I know that Bluecoat and its BCWF can do this job for me, but due to throughput constraints we are not interested in buying Bluecoat ProxySG appliances and load balancers to block very few websites from the traffic of millions of websites.

    Thanks

    RGK

     

  • If I use ProxySG for URL filtering and traffic redirection from LTM, then will it be okay for us to block all blacklisted HTTPS or HTTP traffic?
  • Sure. If everything passes through the ProxySG then you can do filtering, blocking, etc.

    CB
  • Yes, we are not thinking to use Squid proxy and have the proposal in hand. Can you answer the below for me?

    URL filtering for http/80: we can do this via both iRule and Squid.

    Is URL filtering for https/443 via Squid possible?

    Thanks

    Rehan
  • Yes, it's possible to do it on both, but for the sake of simplicity it's better to do it on the proxy.

    Bhattman