Block layer 7 on websites



  • Hi,

    Is there a package within pfSense that lets you block layer 7 streaming on a website?

    For example: blocking an embedded video player on a website without actually blocking the whole website.

    Thanks in advance,
    Darren


  • Galactic Empire

    Snort and the OpenAppID streaming media rule.



  • Thanks @NogBadTheBad

    Do you know if there is any documentation available on how to create this rule?


  • Galactic Empire

    The rules are there, I think you need to select it then unselect everything you want to pass in the actual rule.

    Then enable blocking in the interface.


  • Galactic Empire

    [Five screenshots attached, dated 2019-02-05]



  • @NogBadTheBad

    Brilliant m8. Thanks for the input. Much appreciated. It works perfectly :)

    Now I'm trying to see whether you can manually add rules to the list because there were some embedded video players that weren't blocked since there were no signatures combined to them.



  • @dma11 said in Block layer 7 on websites:

    @NogBadTheBad

    Brilliant m8. Thanks for the input. Much appreciated. It works perfectly :)

    Now I'm trying to see whether you can manually add rules to the list because there were some embedded video players that weren't blocked since there were no signatures combined to them.

    Provided you know and follow the required syntax, you can create your own custom rules and add them to the list of enforced rules in Snort. Go to the RULES tab (first EDIT an interface and then choose the RULES tab) and choose Custom in the Category selection drop-down. Type your rules into the text area box. Save them and restart Snort on the interface.



  • @bmeeks said in Block layer 7 on websites:

    Provided you know and follow the required syntax, you can create your own custom rules and add them to the list of enforced rules in Snort. Go to the RULES tab (first EDIT an interface and then choose the RULES tab) and choose Custom in the Category selection drop-down. Type your rules into the text area box. Save them and restart Snort on the interface.

    hi bmeeks;

    Can you share a sample packet listening and blocking path detail. Chrome, Opera, Firefox VPN apps etc. (not the rule listed, the new custom rule)
    thanks.



  • @susamlicubuk said in Block layer 7 on websites:

    hi bmeeks;

    Can you share a sample packet listening and blocking path detail. Chrome, Opera, Firefox VPN apps etc. (not the rule listed, the new custom rule)
    thanks.

    Sorry, I am not a rule writer. Never bothered to learn the syntax in detail. You should be able to find some examples with a Google search, and then maybe build off the rules included in the OpenAppID package with pfSense.
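
An added example, not part of the thread and not taken from the Snort package: custom rules of the kind discussed above, in Snort 2.9 rule syntax, as they could be typed into the Custom category box. The application name `youtube`, the hostname `player.example.com`, the message text and the SIDs are assumptions chosen for illustration; an `appid` name only matches if it exists in the installed OpenAppID detectors.

```snort
# Constructed example rules. SIDs of 1000000 and above are the range
# reserved for locally written rules, so they do not collide with
# downloaded rule sets. Each rule must have a unique sid.

# 1) Application already known to OpenAppID: match on the detected app.
#    (app name "youtube" is an assumption; check the installed detectors)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"CUSTOM APPID streaming youtube"; appid:youtube; classtype:policy-violation; sid:1000001; rev:1;)

# 2) Embedded player with no OpenAppID signature, served over HTTPS:
#    match the player's hostname in the TLS ClientHello (SNI).
#    |16 03| = TLS handshake record, byte 5 = |01| ClientHello.
#    "player.example.com" is a placeholder hostname.
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"CUSTOM embedded player TLS SNI"; flow:to_server,established; content:"|16 03|"; depth:2; content:"|01|"; offset:5; depth:1; content:"player.example.com"; nocase; fast_pattern; classtype:policy-violation; sid:1000002; rev:1;)

# 3) Same player over plain HTTP: match the Host header instead.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"CUSTOM embedded player HTTP Host"; flow:to_server,established; content:"Host|3A| player.example.com"; http_header; nocase; classtype:policy-violation; sid:1000003; rev:1;)
```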