https://live.paloaltonetworks.com/t5/next-generation-firewall/bypass-the-url-filtering/m-p/518030#M490 <P>Thank you for reply. Could you share some more detail information ?</P> Mon, 17 Oct 2022 02:34:11 GMT kiennn 2022-10-17T02:34:11Z https://live.paloaltonetworks.com/t5/next-generation-firewall/bypass-the-url-filtering/m-p/517981#M488 <P>Hi everyone</P> <P>Can bypass the url filtering by&nbsp;changing the URL in HTTP get request ?<BR />For example<BR />Firewall rule deny connect to url deny.com and allow url allow.com<BR />User try to connect to deny.com with IP adress a.b.c.d, user add item the host file or using plugin/extension of browsers to change http request to allow.com but destination ip address in packet is a.b.c.d<BR />Firewall will allow the request, so user can connect to deny.com by IP address ?</P> <P>Thanks</P> Fri, 14 Oct 2022 17:38:04 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/bypass-the-url-filtering/m-p/517981#M488 kiennn 2022-10-14T17:38:04Z https://live.paloaltonetworks.com/t5/next-generation-firewall/bypass-the-url-filtering/m-p/518009#M489 <P>For HTTPS the firewall can categorise it based on the certificate CN received, which is not something the client can falsify.</P> <P>&nbsp;</P> <P>For plaintext HTTP traffic, the only information available is the HTTP host header, so it will be categorised based on that.</P> Sat, 15 Oct 2022 22:03:43 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/bypass-the-url-filtering/m-p/518009#M489 dmifsud 2022-10-15T22:03:43Z https://live.paloaltonetworks.com/t5/next-generation-firewall/bypass-the-url-filtering/m-p/518030#M490 <P>Thank you for reply. Could you share some more detail information ?</P> Mon, 17 Oct 2022 02:34:11 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/bypass-the-url-filtering/m-p/518030#M490 kiennn 2022-10-17T02:34:11Z