Request Types

From Secure Web Gateway
Revision as of 13:03, 5 January 2023 by Pratik

Overview

Use the Request Profiler to manage profiling based on the request sent to the web server.

This section can be used to configure rules by specifying the request method, request protocol, referrer and user agent.

This section enables you to block or allow particular websites by hostname (website).

You can use this section to make social networks (Facebook, Twitter) read-only, so that users are unable to like, comment, share, chat or play games.

This section helps you to enforce safe search for Google, Yahoo and YouTube.

Enabling Request Type section on SafeSquid User Interface

Access the SafeSquid interface

Go to the Configure page

Global

Enabled

Enable or Disable request types section.

  • TRUE : Enable request types section.
  • FALSE : Disable request types section.
 
Request Types

The following rules are tested for each connection, in top-down order.

The first entry that matches the Request Profile of a connection will be applied to it.

 
Enabled

Enable or Disable this entry

  • TRUE : Enable this entry.
  • FALSE : Disable this entry.

Comment

For documentation and future reference, explain the relevance of this entry to your policies.

Trace Entry

Enable or disable tracing of this entry.

Select “Yes” to debug the application of this entry using SafeSquid logs.

Entry tracing is useful if you wish to validate the entry's application.

  • TRUE : Select this option to enable profile tracing.
  • FALSE : Select this option to disable profile tracing.

Request Profiles

Comma separated list of Request Profiles to which this entry will be applied.

This could be one or more Request Profiles already applied (ADDED REQUEST PROFILES) to the connection, due to this entry in the list.

If left blank, it will apply to all connections irrespective of any applied request profile.

Method

This entry applies to requests matching the selected list of method(s).
If this entry should be applied to all requests irrespective of method, do not select any method.

  • GET : The GET method is used to retrieve information from the server for the requested URL. Requests using GET should only retrieve data and should have no other effect on the data. Select this if you want to apply this entry to requests with the GET method.
  • POST : The POST method is used to submit data to be processed (for example customer information or a file upload using HTML forms). The data is included in the body of the request. This may result in the creation of a new resource, the update of existing resources, or both. Select this if you want to apply this entry to requests with the POST method.
  • CONNECT : CONNECT converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy (e.g. SSL tunneling). Select this if you want to apply this entry to requests with the CONNECT method.
  • HEAD : The HEAD method is identical to GET. However, in response to a HEAD request the server shall not return a message body. Select this if you want to apply this entry to requests with the HEAD method.
  • PUT : The PUT method is used to upload a representation of the specified resource. If the request refers to an already existing resource, it will be modified. Otherwise the server can create the resource with the given URI (Uniform Resource Identifier). Select this if you want to apply this entry to requests with the PUT method.
  • DELETE : The DELETE method removes the specified resource. It asks the web server to delete the identified resource or move it to an inaccessible location. Select this if you want to apply this entry to requests with the DELETE method.
  • TRACE : TRACE echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request. The final recipient of the request SHOULD reflect the message received back to the client as the entity-body of a 200 (OK) response. Select this if you want to apply this entry to requests with the TRACE method.
  • OPTIONS : The OPTIONS method returns the HTTP methods that the server supports for the specified URL. OPTIONS can be used to check the functionality of a web server by requesting * instead of a specific resource. Select this if you want to apply this entry to requests with the OPTIONS method. Unused.

Protocol

This entry applies to requests matching the selected list of protocol(s).

If this entry should be applied to all requests irrespective of protocol, do not select any protocol.

  • FTP : File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a TCP-based network. Select this if you want to apply this entry to FTP clients.
  • HTTP : Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the protocol used to exchange or transfer hypertext. Select this if you want to apply this entry to HTTP clients.
  • HTTPS : Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network. The very first request for HTTPS will be a CONNECT request; subsequently it will be changed to HTTPS. Therefore, lower down in the protocol it is an HTTPS request. Select this if you want to apply this entry to HTTP clients who want to access websites using SSL.

Content type

This entry applies to requests whose MIME-type matches this regular expression. Here MIME-type indicates the type of the entity-body sent to the recipient (used with POST and PUT requests).

Request Type is the type of request sent by the requester such as an incident or request for any information.

Example : Content-Type: application/x-www-form-urlencoded. If this entry should be applied to all requests irrespective of MIME-type, leave it blank.

Port range list

Comma separated list of ports or port ranges to which this entry will be applied. Here port range indicates the TCP port number(s) on which the server is listening.

Example : value "80,21-25" means port 80 and port range from 21 to 25. Applies to all ports if left blank.

URL Command

Comma separated list of URL command(s) to which this entry will be applied.

If this entry should be applied to all requests irrespective of any URL command, leave it blank.

https : For https requests.

!https : For other than https requests.

Minimum Post Data Size

This entry applies only if Request body is more than this size.

Example : Content-Length: 48

Maximum Post Data Size

This entry applies only if Request body is less than this size.

Example : Content-Length: 480

File

This entry applies to requests whose file portion (the part of the URL that follows the hostname) matches this regular expression.

Leave it blank to apply to all requests irrespective of the file portion of the URI (Uniform Resource Identifier).

Example : (cgi-bin|\?) will apply to queries in a URL.

Host Name

This entry applies to requests whose hostname (website) matches this regular expression.

Leave it blank to apply to all requests irrespective of hostname(s).

Example : Host: en.wikipedia.org:80

Smart TLD

Enable this option if the regex for Host Name should be matched irrespective of TLD.

Specify google$ in Host Name and set Smart TLD to enabled to ensure a match for google.com, google.co.uk or google.co.in.

If you strictly want to create a policy for mail.google.com, then you should set Smart TLD to disabled and specify Host Name as mail\.google\.com

  • TRUE : Ignore TLD of the requested Host Name while matching regex.
  • FALSE : The regex contains specific TLD for which the match is required.
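
A model of the Host Name and Smart TLD matching described above, added here as an example and not SafeSquid's own code. It assumes unanchored, case-insensitive regex search and a small constructed suffix list (`SUFFIXES`); `strip_tld` and `host_matches` are hypothetical helpers. It also shows why a strict Host Name pattern benefits from escaped dots and anchors.

```python
import re

# Constructed suffix list for illustration only; how the proxy itself
# recognises TLDs is not described on this page.
SUFFIXES = ("co.uk", "co.in", "com", "org", "example")

def strip_tld(host):
    """Drop the longest known suffix: 'www.google.co.uk' -> 'www.google'."""
    host = host.lower().rstrip(".")
    for suffix in sorted(SUFFIXES, key=len, reverse=True):
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1]
    return host

def host_matches(pattern, host, smart_tld):
    """Assumed semantics: unanchored, case-insensitive regex search."""
    subject = strip_tld(host) if smart_tld else host.lower()
    return re.search(pattern, subject, re.IGNORECASE) is not None

# (pattern, smart_tld, hostname) with constructed sample hostnames.
CASES = [
    ("google$", True, "www.google.com"),
    ("google$", True, "google.co.uk"),
    ("google$", True, "google.co.in"),
    # Also matches: nothing anchors the left side of the label.
    ("google$", True, "notgoogle.example"),
    (r"mail\.google\.com", False, "mail.google.com"),
    # Also matches: nothing anchors the right side of the hostname.
    (r"mail\.google\.com", False, "mail.google.com.test.example"),
    # Anchoring both ends rejects the longer hostname.
    (r"^mail\.google\.com$", False, "mail.google.com.test.example"),
    # An unescaped dot matches any character.
    ("mail.google.com", False, "mailxgoogle-com.example"),
]

def run_cases():
    return [host_matches(p, h, s) for p, s, h in CASES]

if __name__ == "__main__":
    for (p, s, h), hit in zip(CASES, run_cases()):
        print(f"{p!r:24} smart_tld={s!s:5} {h:32} -> {hit}")
```
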

Referer

This entry applies to requests whose referrer (the address of the resource from which the requested URI was obtained) matches this regular expression.

Leave it blank to apply to all requests irrespective of the Referer header.

Example : Referer: http://en.wikipedia.org/wiki/Main_Page.

User Agent

This entry applies to requests whose user agent (the internet client or web client application requesting the information from the server) matches this regular expression.

Leave it blank to apply to all requests irrespective of the application requesting the information from the server.

Example : User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/21.0.

X-Forwarded-For

This entry applies to requests whose X-Forwarded-For value (the IP address from which the original request came, as reported by a proxy or load balancer) matches this regular expression.

Leave it blank to apply to all requests irrespective of X-Forwarded-For.

Example : X-Forwarded-For: 129.78.138.66.

Request header pattern

This entry applies to regular expression matching the request header pattern. Apply to all request patterns if left blank.

Added Request profiles

Comma separated list of Request Profiles that will be added to connection, if the above specified tests result true.

Removed Request profiles

Comma separated list of Request Profiles to be removed when all the above rules match.

If any of these Request profiles have been already applied to the connection by any of the other Request Profile rules, they will be removed.
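
How one entry's fields combine, as an added example that is not SafeSquid's own code: every non-blank field must match, and only then are the Added and Removed Request profiles applied. The dictionary keys, the helper names, the profile names `GOOGLE_KEEP` and `BLOCKED_GOOGLE`, and the unanchored regex search are assumptions made for illustration.

```python
import re

def parse_port_ranges(spec):
    """Parse '80,21-25' into [(80, 80), (21, 25)]; blank means all ports."""
    ranges = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((lo, hi))
    return ranges

def entry_matches(entry, req):
    """Every non-blank field must match; a blank field matches anything."""
    ports = parse_port_ranges(entry.get("ports", ""))
    size = req.get("content_length", 0)
    agent = req.get("user_agent", "")
    checks = [
        not entry.get("methods") or req["method"] in entry["methods"],
        not ports or any(lo <= req["port"] <= hi for lo, hi in ports),
        not entry.get("host") or re.search(entry["host"], req["host"], re.I),
        not entry.get("user_agent") or re.search(entry["user_agent"], agent),
        "min_post" not in entry or size > entry["min_post"],  # more than
        "max_post" not in entry or size < entry["max_post"],  # less than
    ]
    return all(checks)

def apply_entry(entry, req, profiles):
    """Return the connection's profile set after this entry is evaluated."""
    if not entry.get("enabled", True) or not entry_matches(entry, req):
        return set(profiles)
    added, removed = entry.get("added", []), entry.get("removed", [])
    return (set(profiles) | set(added)) - set(removed)

# Constructed entry modelled on Rule#2 below; profile names are made up.
KEEP_ENTRY = {"enabled": True, "methods": {"GET", "POST", "CONNECT"},
              "ports": "443", "host": r"^keep\.google\.com$",
              "added": ["GOOGLE_KEEP"], "removed": ["BLOCKED_GOOGLE"]}

# Constructed sample requests.
REQ_KEEP = {"method": "CONNECT", "port": 443, "host": "keep.google.com"}
REQ_MAIL = {"method": "CONNECT", "port": 443, "host": "mail.google.com"}

if __name__ == "__main__":
    print(apply_entry(KEEP_ENTRY, REQ_KEEP, {"BLOCKED_GOOGLE"}))
    print(apply_entry(KEEP_ENTRY, REQ_MAIL, {"BLOCKED_GOOGLE"}))
```

Because the User-Agent header is chosen by the client, an entry whose profile relaxes a control is tighter when it also pins Host Name, which the conjunction in `entry_matches` allows.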

 

Example

Rule#1

I want a Request Type entry for the Microsoft Teams desktop application, based on its user agent.

Connections that match the pattern for the Teams user agent will be added to the Microsoft Teams Desktop application request profile.

This is useful in cases where we want to remove authentication or bypass SSL inspection only for a particular application.


Rule#2

In my organization google.com has been blocked, because of which I am unable to access apps such as the Google Keep or Gmail web applications.

I want to allow only Google Keep while keeping the rest of the Google services blocked.

Using Google Keep’s host name, I can create a Request profile for Google Keep.

Using Request Types, I can access Google Keep while keeping the rest of the Google services blocked.
