TL;DR
Yes, a firewall appliance can absolutely block HTTP requests. This is one of its core functions. You achieve this by creating rules that inspect network traffic (specifically on port 80 for standard HTTP and port 443 for HTTPS) and either allow or deny it based on source/destination IP addresses, ports, protocols, and other criteria.
How to Block HTTP Requests
- Understand Your Firewall: Different firewalls have different interfaces. Common vendors include Cisco, Fortinet, Palo Alto Networks, Check Point, and pfSense (open-source). The general principles are the same, but the exact steps will vary.
- Web Interface: Most modern firewalls have a web-based management interface you access through a browser.
- Command Line Interface (CLI): More advanced users often use the CLI for configuration.
- Identify HTTP Traffic: HTTP typically uses port 80, and HTTPS uses port 443. You’ll need to specify these ports in your firewall rules.
- Create a Firewall Rule (Example – Basic Block): This is the core step. The following example shows how you might block all incoming HTTP traffic on port 80. The exact syntax will depend on your firewall.
- Source Zone: Usually ‘Any’ or the zone where external traffic enters.
- Destination Zone: The zone containing the server(s) you want to protect.
- Protocol: TCP
- Destination Port: 80
- Action: Deny/Block
- Firewall Rule Examples (Conceptual): These are *examples* and will need adapting for your specific firewall.
- pfSense:
  # Block all incoming HTTP traffic on port 80 (conceptual rule, not literal pfSense syntax)
  config rule block_http {
    interface = "WAN"
    protocol  = "tcp"
    srcport   = "any"
    dstport   = "80"
    action    = "block"
  }
  In practice pfSense rules are created in the web GUI under Firewall > Rules on the WAN tab. The pf packet filter that pfSense runs underneath expresses the same rule in pf.conf as: block in quick on $WAN_IF proto tcp from any to any port 80 (where $WAN_IF is a macro naming your WAN interface).
- Cisco ASA (using ASDM GUI): Navigate to Firewall > Access Rules, and create a rule with the above parameters.
- FortiGate: Go to Policy & Objects > IPv4 Policy, create a new policy with source/destination interfaces, protocol TCP, destination port 80, and action ‘Deny’.
- Create Rules for HTTPS (Port 443): Repeat the process from steps 3 and 4 with destination port 443 to block incoming HTTPS traffic, if required.
- Specific IP Address Blocking: To block HTTP requests from a specific IP address:
- Set the ‘Source’ IP address in your firewall rule to the offending IP.
- Leave the destination as ‘Any’ or specify the server(s) you want to protect.
- Testing: After creating the rules, test them thoroughly.
- From a machine outside your network (or using an online tool), try to access the blocked website/service. It should be unreachable.
- From inside your network, ensure legitimate traffic is still allowed.
- Logging: Enable logging on your firewall rules to monitor blocked requests.
- This helps you identify malicious activity and fine-tune your rules.
- Check the firewall logs for entries related to blocked port 80/443 traffic.
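The rule parameters above (source zone, destination zone, protocol, destination port, action) are evaluated the same way on every appliance named in this article: rules are checked top to bottom, the first match decides, and a default action applies when nothing matches. The following is an added example, not code from the original article or from any vendor, that models that evaluation in Python so you can see how the port-80/443 block, the specific-IP block and logging interact before you touch a production device. Zone names, rule names and the sample connections (RFC 5737 documentation addresses) are constructed for the example.

```python
"""Added example: first-match firewall rule evaluation with logging.

Models the rule list described in the steps above. Zone names, rule names
and sample connections are constructed for this example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                      # "allow" or "block"
    src_zone: str = "any"            # zone where traffic enters, e.g. "WAN"
    dst_zone: str = "any"            # zone holding the protected servers
    protocol: str = "any"            # "tcp", "udp" or "any"
    src_net: str = "0.0.0.0/0"       # CIDR; a single offending host is a /32
    dst_port: Optional[int] = None   # None means any port
    log: bool = False                # whether a hit produces a log entry

    def matches(self, conn: "Connection") -> bool:
        return (
            self.src_zone in ("any", conn.src_zone)
            and self.dst_zone in ("any", conn.dst_zone)
            and self.protocol in ("any", conn.protocol)
            and ip_address(conn.src_ip) in ip_network(self.src_net)
            and (self.dst_port is None or self.dst_port == conn.dst_port)
        )


@dataclass
class Connection:
    src_zone: str
    dst_zone: str
    protocol: str
    src_ip: str
    dst_port: int


@dataclass
class Firewall:
    rules: list
    default_action: str = "allow"
    log_lines: list = field(default_factory=list)

    def evaluate(self, conn: Connection) -> str:
        """Return the action of the first matching rule, or the default."""
        for rule in self.rules:
            if rule.matches(conn):
                if rule.log:
                    self.log_lines.append(
                        f"{rule.action.upper()} rule={rule.name} "
                        f"src={conn.src_ip} proto={conn.protocol} dport={conn.dst_port}"
                    )
                return rule.action
        return self.default_action


def build_firewall() -> Firewall:
    """Rule set mirroring the article's steps. Order matters: the
    host-specific block sits first so it wins regardless of port."""
    return Firewall(
        rules=[
            Rule("block_bad_host", "block", src_zone="WAN",
                 src_net="203.0.113.7/32", log=True),
            Rule("block_http", "block", src_zone="WAN", dst_zone="DMZ",
                 protocol="tcp", dst_port=80, log=True),
            Rule("block_https", "block", src_zone="WAN", dst_zone="DMZ",
                 protocol="tcp", dst_port=443, log=True),
            Rule("allow_lan_out", "allow", src_zone="LAN", dst_zone="WAN"),
        ],
        # "allow" here mirrors the block-list approach in the steps above;
        # production WAN policies normally end with a default deny instead.
        default_action="allow",
    )


# Constructed sample traffic (documentation address ranges).
SAMPLE_CONNECTIONS = {
    "external_http": Connection("WAN", "DMZ", "tcp", "198.51.100.20", 80),
    "external_https": Connection("WAN", "DMZ", "tcp", "198.51.100.20", 443),
    "external_ssh": Connection("WAN", "DMZ", "tcp", "198.51.100.20", 22),
    "bad_host_dns": Connection("WAN", "DMZ", "udp", "203.0.113.7", 53),
    "internal_browsing": Connection("LAN", "WAN", "tcp", "10.0.0.15", 80),
}


def run_sample():
    """Evaluate every sample connection; return decisions and the log."""
    fw = build_firewall()
    decisions = {name: fw.evaluate(c) for name, c in SAMPLE_CONNECTIONS.items()}
    return decisions, fw.log_lines


if __name__ == "__main__":
    decisions, log = run_sample()
    for name, action in decisions.items():
        print(f"{name:18s} -> {action}")
    print("\n".join(log))
```

Note that internal port-80 browsing from the LAN zone is still allowed because the block rules are scoped to the WAN source zone; this is the check described in the testing step, and the three log lines are exactly what you would look for when reviewing blocked port 80/443 traffic.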
Important Considerations
- HTTPS: Blocking HTTPS outright on port 443 is no harder than blocking port 80, but blocking it selectively (by hostname, URL or content) is more complex because the traffic is encrypted. You may need SSL inspection (also called TLS decryption), which can impact performance and privacy.
- False Positives: Be careful not to block legitimate traffic accidentally. Thorough testing is crucial.
- Security best practice: Regularly review your firewall rules to ensure they are still relevant and effective.
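The testing step says to try reaching the blocked service from outside and confirm it is unreachable; the false-positives note says to confirm legitimate traffic still works. A TCP connect attempt ends one of three ways, and the difference tells you what the firewall did: a completed handshake means the port is reachable, an immediate "connection refused" means traffic reached the host (or the firewall uses a reject action), and a timeout with no answer is what a block/drop rule looks like. The following added example, not code from the original article, is a small Python probe that classifies the outcome; the local listener and free-port helper are constructed so it can be exercised offline.

```python
"""Added example: classify a TCP connect attempt for firewall rule testing.

open        - handshake completed; the port is reachable
closed      - RST received (connection refused); traffic reached the host or
              the firewall uses a "reject" action
filtered    - no answer before the timeout; typical of a "block"/"drop" rule
unreachable - the OS could not route to the host at all
"""
import socket
from contextlib import closing


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            return "unreachable"


def local_listener() -> socket.socket:
    """Constructed test target: a listener on 127.0.0.1 on an OS-chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def free_port() -> int:
    """Constructed 'closed' target: a loopback port with nothing listening."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Probe an open and a closed loopback port; return both results."""
    srv = local_listener()
    try:
        open_result = probe("127.0.0.1", srv.getsockname()[1])
    finally:
        srv.close()
    closed_result = probe("127.0.0.1", free_port())
    return open_result, closed_result


if __name__ == "__main__":
    print("listening port:", demo()[0])
    print("closed port:   ", demo()[1])
```

Run it against your own protected server from a host on the WAN side after adding the block rule: a result of "filtered" confirms the rule is dropping port 80/443 traffic, while "open" from a LAN host confirms legitimate internal access is intact.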