topic Re: security policy rule with URL filtering fails to trigger on targeted traffic in General Topics https://live.paloaltonetworks.com/t5/general-topics/security-policy-rule-with-url-filtering-fails-to-trigger-on/m-p/479351#M103890 <P>Are you decrypting the traffic? Depending on how TLS is set up, you may not see any more than the FQDN unless decrypted.</P> Fri, 08 Apr 2022 16:45:43 GMT EnriqueSaludes 2022-04-08T16:45:43Z security policy rule with URL filtering fails to trigger on targeted traffic https://live.paloaltonetworks.com/t5/general-topics/security-policy-rule-with-url-filtering-fails-to-trigger-on/m-p/478993#M103830 <P>I am trying to make a rule hit on a custom URL filtering profile with HTTP header insertion for postman traffic to be allowed, so I created a URL filtering profile with a custom URL category in order to allow the specific URL ( /upload/ subdirectory specifically and not the whole domain as I am not trying to avoid scanning the rest of the subfolders) which postman is trying to access on my server.&nbsp; (screenshots below)</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Kobi3v_0-1649341375611.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40079iE23B00404F28074C/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Kobi3v_0-1649341375611.png" alt="Kobi3v_0-1649341375611.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Kobi3v_1-1649341375618.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40080i241DC9985D6EB5D8/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Kobi3v_1-1649341375618.png" alt="Kobi3v_1-1649341375618.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Kobi3v_2-1649341375623.png" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/40081i614016C9A715F763/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Kobi3v_2-1649341375623.png" alt="Kobi3v_2-1649341375623.png" /></span></P><P>&nbsp;</P><P>but the rule doesn’t get any hits, it instead skips it and hits a later rule that’s blocking postman’s traffic as malicious while I am trying to make it hit to whitelist access to this specific subdirectory.</P><P>I am not using app-id (but the traffic is getting caught in a following policy as web-browsing), just tcp port 9000 for traffic (as seen in the policies screenshot)</P><P>Am I using the URL filtering parameters correctly? (I verified the header id in postman, and the domain in the http header I defined is exactly the one that’s getting blocked in the threat logs)</P> Thu, 07 Apr 2022 14:30:59 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policy-rule-with-url-filtering-fails-to-trigger-on/m-p/478993#M103830 Kobi3v 2022-04-07T14:30:59Z Re: security policy rule with URL filtering fails to trigger on targeted traffic https://live.paloaltonetworks.com/t5/general-topics/security-policy-rule-with-url-filtering-fails-to-trigger-on/m-p/479351#M103890 <P>Are you decrypting the traffic? Depending on how TLS is set up, you may not see any more than the FQDN unless decrypted.</P> Fri, 08 Apr 2022 16:45:43 GMT https://live.paloaltonetworks.com/t5/general-topics/security-policy-rule-with-url-filtering-fails-to-trigger-on/m-p/479351#M103890 EnriqueSaludes 2022-04-08T16:45:43Z