infoblox_threat_defense:url_filtering
Table of Contents
Threat Defense URL Filtering
When Infoblox filters a DNS name, it returns one of the following IP addresses
52.4.105.248
3.215.231.251
35.168.95.233
When you go to this IP, you will see the Infoblox block page.
ByPasscodes will redirect users to
https://smartproxy.b1tdc.infoblox.com
If you access this page over HTTPS, the page will be signed by the Infoblox BloxOne Root CA.
You must install this certificate as a trusted Root CA to avoid browser errors.
Filtering Example
You cannot have more than 5 expressions
(category="Browser Exploits") OR (category="Malicious Downloads") OR (category="Malicious Sites") OR (category="Phishing") OR (category="Spyware/Adware/Keyloggers")
(category="Pornography") OR (category="Gambling")
(category!=Uncategorized) AND (category!="Parked Domain") AND (category!="Shareware/Freeware")
- (action=Redirect)
- (action=Log)
- (category!=“Anonymizing Utilities”)
- (category!=“Shareware/Freeware”)
- (category!=Uncategorized)
- (device_ip=10.10.54.103)
- (device_name=laptopname.example.com.)
- (query=api.bazaarvoice.com)
- (query=bazaarvoice.com) - This will also match api.bazaarvoice.com
- (user=unknown)
Unknown Category
Exempt from Category Checking (thus “unknown”)
- ntp.org
- infoblox.com
- login.okta.com
- cdnjs.cloudflare.com
Categories
List of web categories documented here.
infoblox_threat_defense/url_filtering.txt · Last modified: by bstafford