Endpoint Agent Configuration: How to make an HTTPS exception for internal web servers that have IP addresses instead of FQDNs

Article ID: 184279

Updated On:

Products

Data Loss Prevention Endpoint Prevent, Data Loss Prevention Enforce

Issue/Introduction

You have one or more internal company web services that have no domain name and are accessible by IP address over HTTPS.

Example: HTTPS://<IPAddress>/*

The Endpoint Prevent policy blocks all sensitive traffic on the HTTPS channel, so internal web resources are affected as well. These IP addresses therefore need to be added to the HTTPS domain exceptions.

 

Environment

DLP: Endpoint Prevent and Enforce server, versions 14.5 - 15.8

Cause

The Administration Guide documentation is not very clear on the format of the Domain Filters (HTTPS) parameters.

Resolution

1. Go to System > Agents > Agent Configuration on the Enforce console.

2. Open the required Agent Configuration for editing and switch to the Channel Filters tab.

3. Under Filter By Network Properties, in the Domain Filters HTTPS input field, add the IP address of your web service using the following pattern:

-<IPAddress>,+*,*

 

Where <IPAddress> is the IP address of the internal web service (site), in the normal notation (e.g. 10.17.2.120).

The minus sign '-' means the address won't be monitored.

The plus sign '+' and the asterisks '*' ensure that all other HTTPS traffic is monitored.

Note: No exceptions for that IP are needed in the policy.

 

Examples:

For the IP 10.17.2.120 it will be:

-10.17.2.120,+*,*

For the IP range 10.17.2.* it will be:

-10.17.2.*,+*,*

If you need to use both a single IP and a range:

-,10.17.2.120/32,*;-,10.18.2.120/27,*;+,*,*
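
Every '-' entry removes traffic from DLP monitoring, so it is worth checking how much address space a filter string excludes before saving it. The script below is an added example, not part of the article and not the product's own parser: it reads only the two spellings shown above, the function names are hypothetical, and it assumes "internal" means RFC 1918 address space.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space, as in the article's 10.x examples.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def to_network(addr):
    """Turn 10.17.2.120, 10.17.2.* or 10.18.2.120/27 into an ip_network."""
    parts = addr.split(".")
    if "*" in parts:
        fixed = parts[:parts.index("*")]
        base = ".".join(fixed + ["0"] * (4 - len(fixed)))
        return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")
    # strict=False: a CIDR with host bits set is widened to its enclosing block
    return ipaddress.ip_network(addr, strict=False)

def parse(filter_string):
    """Yield (sign, address) pairs from either spelling shown in the article."""
    for entry in filter_string.split(";"):
        entry = entry.strip()
        if entry[1:2] == ",":                  # "-,10.17.2.120/32,*" triple
            yield entry[0], entry.split(",")[1].strip()
        else:                                  # "-10.17.2.*,+*,*" list
            for tok in entry.split(","):
                tok = tok.strip()
                if tok[:1] in ("+", "-"):
                    yield tok[0], tok[1:]

def review(filter_string):
    """Report what each '-' entry leaves unmonitored and whether '+*' is present."""
    pairs = list(parse(filter_string))
    excluded = []
    for sign, addr in pairs:
        if sign == "-":
            net = to_network(addr)
            excluded.append({
                "network": str(net),
                "addresses": net.num_addresses,
                "internal": any(net.subnet_of(r) for r in RFC1918),
            })
    return {"excluded": excluded, "catch_all": ("+", "*") in pairs}

if __name__ == "__main__":
    for s in ("-10.17.2.*,+*,*",
              "-,10.17.2.120/32,*;-,10.18.2.120/27,*;+,*,*"):
        print(s, "->", review(s))
```

Read as a CIDR block, the 10.18.2.120/27 entry in the last example covers 10.18.2.96/27, which is 32 addresses and not a single host.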