Layer 7: allow only HTTP traffic
-
Hi,
I would like to allow only HTTP traffic on port 80/tcp. No HTTPS or anything else. I think I need to check with Layer 7 if the traffic is HTTP. But I can only drop it in the window definition, not allow it.
I know how to open TCP port 80 in the firewall rules, and I see the advanced option for Layer 7, but I don't understand how to configure all of this.
I have a drop-all policy, so I explicitly add the open rule, then there is a drop rule.
Thanks
Dom
-
If you restrict your LAN rules to allow only port 80, you can do this Layer 7 filtering much better with the Squid proxy in transparent mode.
-
OK for port 80. I'll check with transparent Squid.
I was thinking it is better not to filter by ports but only by L7 protocols. In this case, imagine port 110 or something else, and then I would like to reject the traffic if it is not the standard protocol. Is this possible with L7 in pfSense?
Thanks for your efficient answer, I appreciate it!
-
You can apply rules to block protocols based on L7 rules, but I did not find in the L7 config a way to allow specific protocols and deny anything else.
-
Thanks for your answer. I didn't find anything either.