It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda CloudGen Firewall
Overview Documentation Training Certification Materials

How to Configure Botnet and Spyware Protection for Web Traffic

  • Last updated on

If you are not using a DNS sinkhole you can configure the URL filtering in the firewall to achieve similar results for HTTP and HTTPS traffic. This allows you to restrict access to malicious websites that may compromise the security of your client. The Malicious Sites URL category also uses spyware and a botnet database. Create a URL Filter policy object blocking access to websites in the Malicious Sites category and use it in the application rule matching your web traffic. When access to a malicious site is detected, the user is redirected to a custom block page. A valid Energize Updates subscription is required.

Before You Begin

Step 1. Create a URL Filter Policy Object

Create a URL Filter policy object and set the Action for Malicious Sites category to Block.

spy_bot_url_filter_01.png

For more information, see How to Create a URL Filter Policy Object.

Step 2. Enable URL Categorization

You must enable the URL Filter to be able to process URL categorization requests. To change additional settings for the URL Filter service, see the Application Detection section in General Firewall Configuration.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Security Policy.
  2. Click Lock
  3. In the URL Filter section, click Enable URL Filter in the Firewall.
    enable_URL_Filter.png
  4. Click Send Changes and Activate.

The Barracuda URL Filter is now enabled and can handle URL categorization requests.

Step 3. Enable the URL Filter for the Access Rule Handling Web Traffic

Enable Application Control, TLS Inspection, and URL Filter for the access rule matching web traffic.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  2. Double-click to edit the access rule matching HTTP and HTTPS traffic.
  3. Click on the Application Policy link and select:
    • Application Control – required.
    • TLS Inspection – recommended.
    • URL Filter – required.
    access_rule_for_matching_web_traffic.png
  4. Select a policy from the TLS Inspection Policy drop-down list.
  5. Click OK
  6. Click Send Changes and Activate.

Step 4. Create an Application Rule using URL Filter Objects

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
    In the left menu, click Application Rules.
  2. Click Lock.
  3. Create a Pass application rule. For more information, see How to Create an Application Rule.
    • Source – Select the same source used in the matching access rule.
    • Application - Select Any to use only the web filtering. Otherwise, select an application object from the drop-down list to combine application control and URL filtering.
    • Destination - Select Internet.
  4. Click the URL Filter, File Content, User Agent link.
  5. Click URL Filter.
  6. Click the URL Filter policy object created in step 1.
    spy_bot_url_filter_02.png
  7. Click OK.
  8. Click Send Changes and Activate.
Firewall Monitor

Go to FIREWALL > Monitor and drill down into the Malicious Sites category to receive a summary of all clients attempting to access websites in this category.

firewall_monitor.png