How to Prevent Policy Avoidance Using Direct IP of Website within Local database on ProxySG


Article ID: 169219


Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

A customer wants to use a local database rather than BCWF but is concerned that users will be able to bypass the policy by accessing the website directly via its IP address.

Resolution

To prevent this, set RDNS restrictions to None. If the ProxySG does not perform a reverse DNS (RDNS) lookup and relate the IP address to the host domain, it cannot match the rule in the policy, because the local database, unlike BCWF, does not contain the IP address.

During testing, this was found to be correct for some websites, such as BBC.co.uk.

On other websites, such as www.speedhunters.com (nslookup: 52.87.84.8), the frame of the website could still be accessed using the IP address, but clicking on any related URL resulted in an exception page.

This was because the IP address resolved to a content server rather than to the URL.

To prevent this, block the content server as well (ec2-52-87-84-8.compute-1.amazonaws.com).
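The check described above can be run across a whole local database. This is an added example, not Broadcom's code: a Python audit that looks up each domain's IP addresses and reports those whose reverse (PTR) name would not match any database entry. The function names, the suffix-matching rule and the bbc.co.uk sample address are assumptions; the speedhunters values are the ones quoted in this article.

```python
import socket

def covered(hostname, db_domains):
    """True if hostname equals, or is a subdomain of, a database entry
    (suffix matching is an assumption about how the database matches hosts)."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in db_domains)

def live_forward(domain):
    """A-record lookup through the system resolver."""
    try:
        return socket.gethostbyname_ex(domain)[2]
    except OSError:
        return []

def live_reverse(ip):
    """PTR lookup through the system resolver; None when no PTR record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def audit(db_domains, forward=live_forward, reverse=live_reverse):
    """Return (domain, ip, ptr) for every IP whose RDNS result misses the database."""
    db = {d.lower().rstrip(".") for d in db_domains}
    gaps = []
    for domain in sorted(db):
        for ip in forward(domain):
            ptr = reverse(ip)
            if ptr is None or not covered(ptr, db):
                gaps.append((domain, ip, ptr))
    return gaps

# Constructed sample data so the example runs offline. The speedhunters values
# come from the article; the bbc.co.uk address and PTR name are made up.
SAMPLE_A = {"bbc.co.uk": ["192.0.2.10"], "www.speedhunters.com": ["52.87.84.8"]}
SAMPLE_PTR = {"192.0.2.10": "www.bbc.co.uk",
              "52.87.84.8": "ec2-52-87-84-8.compute-1.amazonaws.com"}

def sample_audit():
    """Run the audit against the constructed records instead of live DNS."""
    return audit(SAMPLE_A.keys(),
                 forward=lambda d: SAMPLE_A.get(d, []),
                 reverse=SAMPLE_PTR.get)

if __name__ == "__main__":
    for domain, ip, ptr in sample_audit():
        print(f"{domain}: {ip} reverse-resolves to {ptr or 'no PTR'}; block that host too")
```

Calling `audit()` with only a domain list uses the system resolver, so run it from a host that sees the same DNS answers as the ProxySG.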
