Skip to main content
Skyhigh Security

Use Properties and an Event in Rules for a SOCKS Proxy

Two properties and an event are available to create rules for controlling the behavior of Web Gateway when it runs as a SOCKS proxy.

NOTE: There is no preconfigured SOCKS proxy rule set available in the default rule set system or the rule set library. If you want to use such rules, you need to create them and insert them in an existing rule set or create a rule set for them.

  • ProtocolDetector.DetectedProtocol — This property can be used to detect the embedded protocol that is followed in web traffic under the SOCKS protocol, for example, HTTP or HTTPS.
    Its value is the protocol name in string format. When the embedded protocol cannot be detected, the string is empty.
     
  • ProtocolDetector.ProtocolFilterable — This property can be used to find out whether filtering is supported for web traffic following the embedded protocol that has been detected.

    Its value is true if this traffic is filterable and false otherwise.

    If this property is processed in a rule, the ProtocolDetector.DetectedProtocol property is also filled with a value.If this value is an empty string for the latter property, which means no the embedded protocol could not be detected, the value of the ProtocolDetector.ProtocolFilterable property is, consequently, set to false.
     
  • ProtocolDetector.ApplyFiltering — This event can be used to enable processing of other rules that are configured on Web Gateway for filtering web traffic under the protocol that has been detected.

Accordingly, the following rule enables processing of other rules for filtering web traffic under the SOCKS protocol if an embedded protocol has been detected that is filterable.

Name
Enable filtering for SOCKS traffic following an embedded protocol that is filterable
Criteria                                               Action         Event
ProtocolDetector.ProtocolFilterable is true     –>     StopCycle      ProtocolDetector.ApplyFiltering

 

The following rule blocks SOCKS traffic if no embedded protocol is detected.

Name
Block SOCKS traffic if no embedded protocol can be detected
Criteria                                                     Action
ProtocolDetector.DetectedProtocol equals " "         –>      Block

If no rule is configured that would enable the filtering of SOCKS traffic or block it if no embedded protocol is detected, this traffic is allowed.

This means that if a request for web access is received from a SOCKS client on Web Gateway, it is forwarded to the requested web server without any further processing.

  • Was this article helpful?