Netgate SG-1000 microFirewall

Author Topic: How can I block websocket protocol with pfsense?  (Read 196 times)

0 Members and 1 Guest are viewing this topic.

Offline suaroman

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
How can I block websocket protocol with pfsense?
« on: September 10, 2017, 03:56:33 am »
I've seen some corporate on-prem networks block websockets protocol and I'd like to create a test lab with pfsense configured in such a way.  How can I block websockets?   I've searched and can't seem to find a way to do this.

Offline stephenw10

  • Administrator
  • Hero Member
  • *****
  • Posts: 11867
  • Karma: +458/-15
    • View Profile
Re: How can I block websocket protocol with pfsense?
« Reply #1 on: September 11, 2017, 06:14:18 pm »
You could probably block it with Snort given enough tuning. Snort was triggering on that anyway at one time.

Possibly OpenAppID though I don't see a definition for that.

Steve

Offline Soyokaze

  • Full Member
  • ***
  • Posts: 174
  • Karma: +20/-2
    • View Profile
Re: How can I block websocket protocol with pfsense?
« Reply #2 on: September 12, 2017, 09:10:21 am »
Websocket runs over standard HTTP/S connection, so your only option is DPI systems.
Snort and, probably, Squid (denying Upgrade request).
Need full pfSense in a cloud? PM for details!