December Challenge: Best integration uses with DNSFilter!
Hello, Community!
We are excited to announce our new Community Challenge focusing on the best integration uses with DNSFilter!
Share your insights on the integrations you use and how you leverage them to enhance your network security and efficiency. Whether it's a seamless integration with your existing tools or a unique setup that streamlines your operations, we want to hear about it!
How to Participate:
- Log in to the Community with your DNSFilter login credentials to submit your initial entry as a comment on this post
- Share details on a tool you integrate with DNSFilter and how you use it to improve your security posture
- Make sure to include screenshots, tips, or any other relevant details that showcase your setup
- Entries will be accepted until December 31, 2024.
Prizes:
Winners will be rewarded with a DNSFilter branded prize and an opportunity to have a shoutout in the Community as well as our newsletter!
FAQ (view additional Processes and Guidelines for more details):
Q: Can I participate if I'm a new DNSFilter user?
A: Absolutely! The challenge is open to all U.S. based DNSFilter users, regardless of tenure.
Q: How will the winners be determined?
A: We will have a random drawing at the end of the challenge period with each of your entries individually counted toward your chance to win!
Q: Are there any restrictions on how many times I can enter?
A: You will have a maximum of 30 opportunities to enter. Participants must first submit one use-case as a comment under this post worth 5 entries. You will then have 25 additional entry opportunities by either
- Creating a new post under the related Community Topic (e.g. ask a question, pose a discussion point)
- Answering or replying to existing posts within the Community by commenting under them
- Attending webinars, either our Support AMA or Onboarding
Call to action:
We can't wait to see your innovative integration setups! Let's make this challenge a success and continue to grow and learn together.
Thank you for being a part of the DNSFilter Community. Happy integrating! 🏎️
-
Official comment
🎉 Announcing the Winners of our Community Challenge! 🎉
Thank you to everyone who participated and viewed our Best Integration Uses with DNSFilter Community Challenge! We were blown away by the creative and innovative ways you’ve been using integrations to enhance your DNS security.
We’re excited to announce our two winners 🏆 Casey Schneider and 🏆 Shane Popat
Congratulations! 🎊 We’ll be reaching out to both of you via email to coordinate your prizes.
Stay tuned for more exciting challenges and opportunities to showcase your expertise. Thank you for being an amazing part of the DNSFilter Community!
-
My entry is a completely custom block page that gathers much more detail than what DNSFilter provides, all dynamically and in real time. The purpose here was to present the block page in a beautiful manner while also boosting the available information, making it easier to digest for both end-users and IT alike.
Our end-users can click on the unblock button which will open whatever mail app is defaulted in the OS while also dynamically filling in pertinent information within the email; such as the information related to the block and the email address for emailing the help desk. This is two-fold in that the users don't have to add any other information to the email, unless they want to, making it a 2-click operation while also providing IT personnel with enough insight to hit the DNS Filter dashboard at full steam.
Here's what the end product looks like:
Here it is in action:
Apparently gifs are not allowed in this post. Just imagine an elegant animation and dynamic information populating in real-time
What the email looks like when requesting an unblock:
For the wrinkle brained folks:
Overview of the Design
This setup dynamically displays, resolves, and communicates information about the blocked webpage using a combination of server-side PHP, client-side JavaScript, and AJAX for seamless and responsive behavior. The workflow includes resolving an IP from a domain name and fetching geolocation data from ipinfo.io
The underlying framework is WordPress as that is what was available to me at the time.
There are 4 major components here:
- DNS Filter's URL Structure for their Custom Blockpage feature
- The WordPress website
- WordPress functions.php
- Client-side Javascript
Key Components of the Design
URL Structure
DNS Filter's blocked page function works as an HTTP 302-redirect and the URL itself contains a hash (#) with key-value pairs.
An example of this might look like https://domain.com/blockpage/#categories=Weaponst&domain=guns.com&ip=73.157.118.233&policy=CORP-STANDARD-POLICY.
Purpose: This hash-based structure avoids sending sensitive data in query parameters (?) and allows client-side parsing of data.
Server-Side Logic (functions.php)
- Shortcodes:
  - PHP shortcodes are used to generate dynamic placeholders for the variables that DNS Filter puts in the URL prior to redirecting. This allows one to simply paste this shortcode anywhere on any page and the information will populate dynamically.
  The variables DNS Filter allows are the following:
  - IP
  - Domain
  - Categories
  - Policy
- Why PHP?
  - Resolving the domain to an IP address is handled server-side for reliability and security.
  - PHP ensures IP resolution is available immediately when the page loads, reducing reliance on client-side scripting alone.
- Why AJAX?
  - The resolved IP is fetched dynamically using PHP but is displayed client-side using JavaScript, ensuring no additional server load after the page renders. Keeps things more efficient on the back-end with a very minimal impact to the user experience. A worthy trade-off.
Client-Side JavaScript Logic
- Primary Tasks:
  - Parse the URL Hash:
    - JavaScript extracts information (domain, categories, IP, etc.) from the hash using window.location.hash and URLSearchParams.
    - Populates HTML placeholders dynamically (e.g., document.getElementById('blocked-domain').textContent = domain;).
  - Resolve Geolocation Data:
    - JavaScript uses the resolved IP from PHP and queries the ipinfo.io API to fetch city, region, country, and organization details.
- Why Use AJAX?
  - Dynamic Updates: Fetches geolocation data from ipinfo.io dynamically without refreshing the page.
  - Better UX: AJAX allows content to load in the background, ensuring a seamless user experience.
  - Efficiency: Minimizes server-side load by offloading non-critical tasks (geolocation lookup) to the client.
- Mailto Link Construction:
  - Combines all the dynamic data (domain, resolved IP, geolocation, etc.) into a mailto: link.
2 -
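An added example, not part of any entry and not the entry author's code: because the block page reads its data from the URL hash, anyone who links to the page controls those values, so this sketch validates each one before it is displayed or placed in the mailto: link. The function names, the regular expressions and the `HELPDESK` address are assumptions for illustration.

```javascript
// Added example: treat the block-page hash as untrusted input.
const HELPDESK = "helpdesk@example.com"; // placeholder address (assumption)

// Hostname syntax check and a conservative charset for category/policy names.
const DOMAIN_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;
const LABEL_RE = /^[\w .,&/()-]{1,100}$/;

function isIPv4(s) {
  const parts = s.split(".");
  return parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
}

// Parse "#categories=...&domain=...&ip=...&policy=..." and keep only
// values that pass validation; anything else becomes null.
function parseBlockHash(hash) {
  const params = new URLSearchParams(hash.replace(/^#/, ""));
  const pick = (key, ok) => {
    const v = params.get(key);
    return v !== null && ok(v) ? v : null;
  };
  return {
    domain: pick("domain", (v) => DOMAIN_RE.test(v)),
    ip: pick("ip", isIPv4),
    categories: pick("categories", (v) => LABEL_RE.test(v)),
    policy: pick("policy", (v) => LABEL_RE.test(v)),
  };
}

// Build the unblock-request link. Every dynamic value is percent-encoded,
// so "&", "?" or CR/LF in a value cannot add cc/bcc fields or split the body.
function buildUnblockMailto(info, to = HELPDESK) {
  const show = (v) => (v === null ? "(missing or invalid)" : v);
  const subject = `Unblock request: ${show(info.domain)}`;
  const body = [
    `Domain: ${show(info.domain)}`,
    `IP: ${show(info.ip)}`,
    `Categories: ${show(info.categories)}`,
    `Policy: ${show(info.policy)}`,
  ].join("\r\n");
  return `mailto:${to}?subject=${encodeURIComponent(subject)}` +
    `&body=${encodeURIComponent(body)}`;
}
```

On the page itself, the validated values would still be written with `textContent`, as the entry describes, rather than `innerHTML`.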
ZScaler to DNSFilter content category mapping is an effective way of filtering out categories such as:
Copyright infringement
Sites that have not been classified
And other website categories, while filtering risky and malicious domains and stopping the use of DNS tunneling to distribute malware and steal data.
We have the information through insights using Filters, on these logs. By this:
Action
Department
DNS Tunnel & Network App Categories
Location
Location Group
Location Type
Overall Traffic
Rule Name
User
And in DNS data, the types (data) that are there include: Client IP and Server IP.
Also, ZIA (Zscaler Internet Access) is a SWG (Secure Web Gateway) while DNSFilter focuses on Content Filtering & Threat Prevention.
We focus on threats in encrypted traffic where inspecting of TLS/SSL certificates occurs. TLS and SSL inspection differences in visibility before/after inspection is utilized where use of certificates containing public keys and corresponding private keys held by the server are needing to be encrypted. A public key is shared freely and embedded within a certificate. And the second (the private key) is kept private by the server or user.
If the certificate is valid, the machine responds with its own keying information. Only the server with its private key can decrypt that file and if the certificate is not valid, the connection is dropped.
Access to all infrastructure components including Zscaler Central Authority and ZIA Service Edge platforms is restricted and controlled and the use of key generation is then utilized.
Use Cases:
To further see/utilize NSS – Nanolog Streaming Service (NSS) for ZIA and merge the logs in Splunk. This is to allow for
- Automation, Bulk Asset Importing, Automated Data Exports and Integration with External Systems would be great.
- If there may be an Event Viewer that has an existing action created with filtering such as Application logs that may be a start. For multiple Applications, to support on the file location, then possibly “trigger” these files to upload elsewhere with another method of ingestion.
- Direct SIEM capabilities or integration, whether to tie-it in at the endpoint level through a scripted action or another mechanism.
- Any information around establishing Basic HTTP Authentication via a “Basic Authentication Scheme” along with different versions of API’s supported whether it be session-based authentication where the user can login and logout by making a series of API Requests or an HTTP Header with “X-Requested-With” HTTP Header to be part of an API v2 Request to protect against any cross-site request forgery attacks.
Actions of:
• Update Firewall Filtering Policy Rule
• Update IP Destination Group
• Update IP Source Group
• Update Network Service
• Update URL Category
• Blacklist URLs
• Create URL Category
• Delete Firewall Filtering Policy Rule
• Delete IP Destination Group
• Delete IP Source Group