https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/475132#M103431 <P>Hi Team,</P><P>&nbsp;</P><P>will it actually make sense to apply the URL Filtering for the Inbound traffic to our Internal Server?</P> Wed, 23 Mar 2022 07:36:09 GMT SubaMuthuram 2022-03-23T07:36:09Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/475132#M103431 <P>Hi Team,</P><P>&nbsp;</P><P>will it actually make sense to apply the URL Filtering for the Inbound traffic to our Internal Server?</P> Wed, 23 Mar 2022 07:36:09 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/475132#M103431 SubaMuthuram 2022-03-23T07:36:09Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/475511#M103469 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/179734">@SubaMuthuram</a> ,</P> <P>&nbsp;</P> <P>I see one use-case where you could apply URL filtering to restrict the incoming URL to something specific ... in order to prevent folder hopping or directory searching.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 24 Mar 2022 14:12:28 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/475511#M103469 kiwi 2022-03-24T14:12:28Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/475675#M103481 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/179734">@SubaMuthuram</a>,</P><P>There's some very specific scenarios where it can be useful in certain edge cases, but it's not generally something that I would worry about. Generally speaking creating custom App-IDs, and where needed vulnerability signatures for something like ECP in an on-prem Exchange environment, is more useful for the vast majority of environments.&nbsp;</P> Fri, 25 Mar 2022 00:37:41 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/475675#M103481 BPry 2022-03-25T00:37:41Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/476260#M103551 <P>Hi Team,</P><P>&nbsp;</P><P>Thanks for the reply, One of our client has the below issue, Whenever they trying to access their internal server from outside, in the URL filtering the traffic is categorized as Adult category and the URL showing xnxx.com</P><P>&nbsp;</P><P>Please refer the below image,</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SubaMuthuram_0-1648466341372.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/39870iAB8FFCF8B082701A/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="SubaMuthuram_0-1648466341372.png" alt="SubaMuthuram_0-1648466341372.png" /></span></P><P>Please enlighten me what is the logic behind this, Is it indicating the traffic from malicious IP address.&nbsp;</P> Mon, 28 Mar 2022 11:20:32 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/476260#M103551 SubaMuthuram 2022-03-28T11:20:32Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/476262#M103553 <P>in the URL the customer is using, does it contain xnxx.com in any way? you may need to disable "log container pages only" in the url filtering profile to see this information</P> <P>&nbsp;</P> <P>you could try the following:</P> <P>create a custom url category containing the right URLs for the internal webserver</P> <P>set the custom category in the services/url tab of the security rule</P> <P>remove the url filtering profile from the security profiles</P> <P>&nbsp;</P> Mon, 28 Mar 2022 11:42:10 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-for-inbound-servers/m-p/476262#M103553 reaper 2022-03-28T11:42:10Z