topic Re: URL Filtering Wildcards? in General Topics

URL Filtering Wildcards?

networkadmin — Mon, 18 Oct 2010 12:53:20 GMT

I have a custom URL category which contained

*.sourceforge.net with an action of "allow" (the normal action for category shareware/freeware is "alert".

When I visited "http://sourceforge.net" it logged an alert.

I had to change the custom category to contain:

*.sourceforge.net
sourceforge.net

For the allow to take effect.

I was a little surprised as I expected the wildcard to include the primary domain?

Re: URL Filtering Wildcards?

James — Mon, 18 Oct 2010 13:01:44 GMT

Hi There,

Wild cards work within delimeters/separators which are the following:

. (dot)

/ (slash)

? (question mark)

& (ampersand)

= (equal)

; (semi colon)

+ (plus)

So in your example the *.sourceforge.net would need the . (dot) to be there for a match, which it was not.

For some web sites with subdomains, you may need the following:

website.net

*.website.net

*.*.website.net

I hope this helps makes things clearer

Thanks

James

Re: URL Filtering Wildcards?

networkadmin — Mon, 18 Oct 2010 13:52:21 GMT

Thanks James, I didn't appreciate the "." was a hard delimiter and had to be present.

Re: URL Filtering Wildcards?

James — Mon, 18 Oct 2010 16:54:56 GMT

No worries - good luck

Re: URL Filtering Wildcards?

networkadmin — Sun, 31 Oct 2010 10:28:46 GMT

So there's something I'd like to do but I'm unsure how.

Right now I have our Exchange server behind the PAN and policies that do SSL decryption as well as URL filtering to only allow:

site.domain.com/oma

site.domain.com/oma/*

site.domain.com/exchange

site.domain.com/exchange/*

site.domain.com/exchweb/*

site.domain.com/favicon.ico

site.domain.com/microsoft-server-activesync

site.domain.com/microsoft-servdeviceid=*

site.domain.com/microsoft-server-acdeviceid=*

site.domain.com/microsoft-server-actdeviceid=*

site.domain.com/microsoft-server-actideviceid=*

site.domain.com/microsoft-server-activdeviceid=*

site.domain.com/microsoft-server-activedeviceid=*

site.domain.com/microsoft-server-activesdeviceid=*

site.domain.com/microsoft-server-activesync?*

site.domain.com/microsoft-server-adeviceid=*

site.domain.com/microsoft-server-deviceid=*

site.domain.com/microsoft-serverdeviceid=*

site.domain.com/public/*

site.domain.com/rpc/*

Which are the URL's that OWA uses (all the ones in the middle are due to how the PAN seems to interpret certain URL's).

I'm looking at an external host monitoring service which would need to check if "site.domain.com" is up, but right now if it tries to connect it reports "Malformed response" as the PAN is blocking/not responding to the request to https://site.domain.com as expected.

If I add "site.domain.com" to the top of my URL allow list above, I'm basically accepting any/all requests which is precisely what I don't want to do.

So how can I allow requests explicitly to "site.domain.com" but only to "site.domain.com" as well as the paths in the list above i.e. a request to "site.domain.com/somethingrandom" would still be denied?

Re: URL Filtering Wildcards?

rnitz — Mon, 08 Nov 2010 18:13:59 GMT

No, there really is no way to do what you are trying. By adding site.domain.com/ to the allow list, it will allow all queries for items to the right of "/".

The only workaround is to create a new security policy for the source IP addresses that the monitoring site uses and either allow all http traffic for that site or create a new URL filtering profile for this new security policy.

Re: URL Filtering Wildcards?

networkadmin — Mon, 08 Nov 2010 18:35:01 GMT

Thanks, I had a feeling from experimenting that might be the case, but at least that confirms it.