Results 1 to 4 of 4
  1. #1
    Newbie
    Join Date
    Jan 2019
    Posts
    3

    Default Blocking IP only pages ONLY when certain conditions applied

    Hello All,

    I am trying to block IP only hosts through WEB FILTER, ONLY when certain conditions met (i.e. traffic is coming from certain host and on certain ports). I cannot use option "Block pages from IP only hosts" on Advance tab as it will block ALL IP only host.

    I tried to utilized Rules option and used following conditions with various regular expressions but nothing helped:

    HTTP:Hostname =
    \b(?: (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b
    HTTP:Hostname =
    ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9])\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9])
    HTTP:Hostname =
    \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}
    HTTP:Hostname =
    ([09]{1,3}[\.]){3}[09]{1,3}
    HTTP:Hostname =
    ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$
    Can you please explain if it is possible to block IP Only hosts via Rules, if yes, what I am missing?

    Thanks in advance.

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    Talking Welcome

    ...to Untangle and the forums!

    I can't answer your question.

    I have some advice. NGFW generally doesn't use pure regex. But the rules are one thing.

    A powerful NGFW facility that you need to explore is Policies. (formerly known as racks)

    The Webfilter [IP numbers only] filter is a simple checkbox.

    The key is that you can have more than one instance of the WebFilter app.

    Set up a policy for the desired hosts, at least, and mebbe the ports. I am not well-versed in that area.
    /admin/index.do#service/policy-manager/policies

    https://wiki.untangle.com/index.php/Policy_Manager#Policies
    Last edited by Jim.Alles; 11-12-2020 at 10:12 AM.
    Rohit likes this.

  3. #3
    Newbie
    Join Date
    Jan 2019
    Posts
    3

    Default

    Jim thanks for the advise, I know, I have a very unique requirement and so far I have not found any workaround to work it out. I tried to explore Policies already but so far I was not able to find a way.

  4. #4
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,135

    Default

    I'm guessing Jim has a layered approach in mind for Policy Manager, since policies can be nested/have parents.

    In any case, rule conditions are complex and use different matchers or types (e.g., boolean). It's almost certain (if I'm following at all what you're trying to do) that you'll need multiple conditions in a rule for this reason. For instance, port numbers, hostnames, and IP addresses are evaluated differently.

    And then there's picking the right app for the job, one that supports the necessary rule conditions. My instinct is that the Firewall app might be a more natural tool for this job, but I could be wrong.

    I do hope you can make it work!
    Rohit likes this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2