search cancel

Implementing the Domain Fronting Detection Attack feature on Web Security Service – WSS

book

Article ID: 175821

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Implementing Domain Fronting Detection Attack feature on Web Security Service (WSS)

Environment

Web Security Service (WSS) with Universal Policy Enforcement (UPE)

Resolution

Domain Fronting Attack detection is supported on WSS but is not enabled by default. This feature can be applied in WSS by using the Management Center, any customer using UPE (Universal Policy Enforcement) can use the new policy gesture as mentioned in the article here, and as shown here:.

<proxy>
  DENY http.connect.host=!"$(url.host)"

Please note that there are no spaces except before the deny statement. Blank spaces in incorrect places will cause the policy deployment to fail.