topic Re: How to do URL Whitelists? in General Topics

How to do URL Whitelists?

jeffm — Mon, 26 Aug 2013 17:21:00 GMT

I am trying to figure out how to do Whitelists for a list of URLs and I am not having much luck.

By default all outgoing is allowed on everything internal.

I have a group of addresses that should only be allowed to view certain websites with wildcards.

I created a profile that is set to that address group for source, ANY for everything else, and a URL Profile with the list of URLs in the whitelist. When that policy is set to Deny it blocks all traffic and if it is set to Allow it allows all traffic.

An example URL I am using is www.google.com/*

I have this policy above our Allow all rule. If I I put it beneath the allow rule it does not apply. We do have the url filtering license also.

What exactly am I doing wrong here?

Re: How to do URL Whitelists?

rmonvon — Mon, 26 Aug 2013 17:36:50 GMT

Hi...You should set the security rule for that address group with service=tcp/80, action=allow and the selected URL profile. In the selected URL profile, add the permitted URLs to the allow-list, allow content-delivery-network category, and block all other URL categories . Maybe you missed setting all other categories to block. You may need to check the URL filtering log and unblock other URLs as appropriate.

Thanks.

Re: How to do URL Whitelists?

jeffm — Wed, 28 Aug 2013 13:27:55 GMT

Thanks for the help. I have it mostly working but one thing is still rather weird.

For each site I am having to do 4 white list entries.

For example one site is saemtests.org

If they don't put www

saemtests.org/*

saemtests.org/

If they put www

*.saemtests.org/*

*.saemtests.org/

Is this normal or is there a regular expression I should be using instead?

I tried doing *saemtests* however that was not valid.

Re: How to do URL Whitelists?

${userLoginName} — Wed, 28 Aug 2013 14:10:52 GMT

When doing a whitelist, you should put for example:

saemtests.org

*.saemtests.org

Re: How to do URL Whitelists?

Retired Member — Wed, 28 Aug 2013 14:15:40 GMT

Here is the help note.Did you read that

For example, "www.paloaltonetworks.com” is different from "paloaltonetworks.com". If you want to block the entire domain, you should include both "*.paloaltonetworks.com" and "paloaltonetworks.com".

Examples:

•	www.paloaltonetworks.com

•	198.133.219.25/en/US

Block and allow lists support wildcard patterns. The following characters are considered separators:

;

Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid:

*.yahoo.com (Tokens are: "*", "yahoo" and "com")

www.*.com (Tokens are: "www", "*" and "com")

www.yahoo.com/search=* (Tokens are: "www", "yahoo", "com", "search", "*")

The following patterns are invalid because the character “*” is not the only character in the token.

ww*.yahoo.com