Webserver Protection with DPI SSL Server and Contentfiltering
I have a web-server inside a DMZ. A NAT Policy and an access rule from WAN to DMZ, to make the Web-Server accessable from the internet. Certain Access Rules from LAN to DMZ for management. I use a Let's encrypt Certificate and dpi ssl-server with all features activated.
I have also created a set of URI, for a contentfilter profile, and this is where the trouble starts.
What I want:
Access should be denied if the server is reached via incorrect URL, correct URL would be DNS-Name/URLpath, if the Webserver is addressed via ip or with an incorrect URLPath, access should be denied.
What I did:
I created a Contentfilter Profile with:
Allowed URI List A-DNS-Name/URLPath
Forbidden URI List A-DNS-Name, IP-Address/*
so far the Server is reachable via IP and on every URLPath, which is very unsettling.
Contentfilter Policy from WAN to Any Zone with the above Profile.
What to do, to solve this problem?
Running NSa 2650 with SonicOS Enhanced 220.127.116.11-79n--HFGEN6-1285-3n