
I am looking into DNS-RPZ firewalls.

Can they protect against users browsing to http://{ip-address}?

If so, how does that work, given that no name resolution is required?

Andrew B
Adam Mills

2 Answers


I would say "no".

From here:

DNS RPZ will block DNS resolution, machines connecting to the C&C via IP address will not be blocked.

DNS RPZ is there to block DNS resolution to known malicious hosts and sites. In the case of an IP address, there is no DNS resolution.

The feature you are looking for can be managed by a WAF (Web Application Firewall).

However, any reverse proxy is able to block access based on an incorrect Host header. Here, the IP address will be the incorrect Host header.

krisFR
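To make this concrete, the following is an added Python model (not code from the page or its authors) of the two layers discussed: an RPZ-style name blocklist, which never sees a URL whose host is an IP literal because no lookup happens, and the reverse-proxy Host header check mentioned above, which does reject it. The blocked names and served hostnames are constructed sample values.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample RPZ data: names whose resolution the resolver refuses.
RPZ_BLOCKED_NAMES = {"bad.example", "c2.example.net"}

# Constructed sample allowlist: the names this reverse proxy actually serves.
SERVED_HOSTNAMES = {"www.example.org", "example.org"}


def rpz_would_block(url: str) -> bool:
    """Model a DNS RPZ: only a name that must be resolved can be blocked.
    An IP-literal URL never reaches the resolver, so RPZ cannot act on it."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    try:
        ipaddress.ip_address(host)
        return False  # IP literal: no DNS query is made, RPZ never sees it
    except ValueError:
        pass
    name = host.rstrip(".").lower()
    # RPZ name policy also matches subdomains of a blocked name.
    return any(name == b or name.endswith("." + b) for b in RPZ_BLOCKED_NAMES)


def proxy_accepts_host(host_header: str) -> bool:
    """Model the reverse-proxy Host header check: reject IP literals and any
    name the proxy is not configured to serve."""
    value = host_header.strip()
    # Strip an optional :port; a bracketed IPv6 literal is handled separately.
    if value.startswith("[") and "]" in value:
        host = value[1:value.index("]")]
    else:
        host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        ipaddress.ip_address(host)
        return False  # Host is an IP literal, not a served name
    except ValueError:
        pass
    return host.rstrip(".").lower() in SERVED_HOSTNAMES


def request_outcome(url: str) -> str:
    """Walk one browser request through both layers: resolver, then proxy.
    A browser sends the URL authority (host plus any port) as the Host header."""
    if rpz_would_block(url):
        return "blocked-by-rpz"
    host_hdr = urlsplit(url).netloc.rsplit("@", 1)[-1]
    return "allowed" if proxy_accepts_host(host_hdr) else "blocked-by-proxy"
```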

No, they cannot protect from that.

DNS RPZ shouldn't be used as a tool to enforce access policies.
Its usage is to prevent users from accidentally visiting sites which are harmful.
If a user still wants to visit it and DNS RPZ is your only defense, then it is very simple for them to circumvent that.

faker