MWG supports WebSocket connections and includes a rule set for them in the library. With this rule set, you can allow specific destinations to establish a WebSocket connection.
MWG allows the establishment of a tunnel so that the client, MWG, and the web server can communicate. However, MWG does not scan the traffic or the responses received from the web server.
CAUTION: Be careful when you allow a WebSocket connection through MWG. You do not want to open a security hole inside your setup. We recommend that you do not allow WebSockets in general. Allow only the destinations where you really want to use WebSockets.
To import the rule set:
- Log on to MWG.
- Select Policy, Rule Sets, Common Rules.
- Click Add and select Rule Set from Library.
- In the Overview section, expand Common Rules.
- Select WebSocket Handling and click OK.
- Place this rule set into your Common Rules set.
WebSocket Handling includes the following four rules:
- Enable WebSocket handling: This rule allows MWG to establish the WebSocket connection or tunnel. The event applies only to WebSocket connections, which are identified by checking the connection for the specific header that defines a WebSocket.
IMPORTANT: This rule is not a general bypass or tunnel; other traffic or protocols are not affected.
- Enable WebSockets for Special Sites (client initiated): This rule allows traffic to and from the specific destination of the client initiating the WebSocket connection.
- Enable WebSockets for Special Sites (server initiated): This rule allows traffic to and from the specific destination of the server initiating the WebSocket connection.
- Block WebSockets: This rule blocks any other connection that the preceding two rules do not explicitly allow.
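
The order in which these rules take effect can be modeled in a few lines. This is an added example, not MWG rule syntax or code from the product: it assumes the WebSocket handshake is recognized by the RFC 6455 `Upgrade` and `Connection` headers (the page does not name the header MWG checks) and it treats the client-initiated and server-initiated rules as a single destination check. `ALLOWED_WS_HOSTS`, the function names, and the sample requests are constructed for illustration.

```python
# Added illustration of the rule order; not MWG rule syntax.
ALLOWED_WS_HOSTS = {"chat.example.com", "quotes.example.net"}  # hypothetical allow list


def parse_headers(raw_request):
    """Map lower-cased header names to values from a raw HTTP request."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def tokens(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def is_websocket_upgrade(headers):
    """Assumed check: RFC 6455 handshake headers (Upgrade: websocket, Connection: Upgrade)."""
    return ("websocket" in tokens(headers.get("upgrade", ""))
            and "upgrade" in tokens(headers.get("connection", "")))


def host_only(host_header):
    """Drop an optional port and trailing dot; IPv6 literals are left as-is."""
    host = host_header.strip().lower()
    if host.count(":") == 1:
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def decide(raw_request, allowed=ALLOWED_WS_HOSTS):
    headers = parse_headers(raw_request)
    if not is_websocket_upgrade(headers):
        return "not-websocket"  # rule set does not apply to other traffic
    if host_only(headers.get("host", "")) in allowed:  # exact match, no substrings
        return "tunnel"         # allowed destination; tunneled traffic is not scanned
    return "block"              # any WebSocket request not explicitly allowed


def make_request(host, websocket=True):
    """Build a constructed sample request for testing the model."""
    lines = ["GET /socket HTTP/1.1", f"Host: {host}"]
    if websocket:
        lines += ["Upgrade: websocket", "Connection: keep-alive, Upgrade"]
    return "\r\n".join(lines) + "\r\n\r\n"
```

The destination comparison is exact on purpose: a substring or suffix match would let a host such as `chat.example.com.evil.test` pass the allow rule.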