We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure Botnet and Spyware Protection for Web Traffic

  • Last updated on

If you are not using a DNS sinkhole you can configure the URL filtering in the firewall to achieve similar results for HTTP and HTTPS traffic. This allows you to restrict access to malicious websites that may compromise the security of your client. The Malicious Sites URL category also uses the spyware and botnet database. Create a URL Filter policy object blocking access to websites in the Malicious Sites category and use it in the application rule matching your web traffic. When access to a malicious site is detected, the user is redirected to a custom block page. A valid Energize Updates subscription is required.

Step 1. Create a URL Filter Policy Object

Create a URL Filter policy object and set the Action for Malicious Sites  category to Block.

spy_bot_url_filter_01.png

For more information, see How to Create a URL Filter Policy Object.

Step 2. Enable URL Categorization

You must enable the URL Filter to be able to process URL categorization requests. To change additional settings for the URL Filter service, see the Application Detection section in General Firewall Configuration.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Security Policy .
  2. Click Lock
  3. In the URL Filter section, click Enable URL Filter in the Firewall.
    enable_URL_Filter.png
  4. Click Send Changes and Activate.

The Barracuda URL Filter is now enabled and can handle URL categorization requests.

Step 3. Enable the URL Filter for the Access Rule Handling Web Traffic

Enable Application Control, SSL Interception, and URL Filter for the access rule matching web traffic.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
  2. Double-click to edit the access rule matching HTTP and HTTPS traffic.
  3. Click on the Application Policy link and select:
    • Application Control – required.
    • SSL Interception – recommended.
    • URL Filter – required.
    Conf_WF_Firewall_03.png
  4. Click OK
  5. Click Send Changes and Activate.

Step 4. Create an Application Rule using URL Filter Objects

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Rules.
  2. In the left menu, click Application Rules.
  3. Click Lock.  
  4. Create a Pass application rule. For more information, see How to Create an Application Rule
    • Source – Select the same source used in the matching access rule.
    • Application  Select Any to use only the web filtering. Otherwise, select an application object from the drop-down list to combine application control and URL filtering.
    • Destination  Select Internet.
  5. Click the URL Filter, File Content, User Agent link.
  6.  Click URL Filter.
  7. Click the URL Filter policy object created in step 1.
    spy_bot_url_filter_02.png
  8. Click OK.
  9. Click Send Changes and Activate.
Firewall Monitor

Go to FIREWALL > Monitor and drill down into the Malicious Sites category to receive a summary of all clients attempting to access websites in this category.

firewall_monitor.png

Last updated on