https://live.paloaltonetworks.com/t5/general-topics/url-filtering-issue/m-p/287191#M76686 <P>Hello Community,</P><P>&nbsp;</P><P>I want to block one specific https URL (without applying decryption rule) but the traffic is being allowed by the lower policy. I have applied many combinations with the wildcards but none of them works.</P><P>Can someone please help me with this.</P><P>&nbsp;</P> Sat, 07 Sep 2019 20:09:48 GMT JAIDEEP 2019-09-07T20:09:48Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-issue/m-p/287191#M76686 <P>Hello Community,</P><P>&nbsp;</P><P>I want to block one specific https URL (without applying decryption rule) but the traffic is being allowed by the lower policy. I have applied many combinations with the wildcards but none of them works.</P><P>Can someone please help me with this.</P><P>&nbsp;</P> Sat, 07 Sep 2019 20:09:48 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-issue/m-p/287191#M76686 JAIDEEP 2019-09-07T20:09:48Z https://live.paloaltonetworks.com/t5/general-topics/url-filtering-issue/m-p/287252#M76696 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/100107">@JAIDEEP</a>,</P><P>Unless you decrypt the traffic the only thing you'll see is the information in the certificate the site presents during the handshake. This means that you can only block the domain in question, you won't be able to block anything past that. The best way to do this is creating a custom URL category and setting that to block in whatever outbound web-access policy is allowing the traffic. Hope that all makes sense.&nbsp;</P> Mon, 09 Sep 2019 03:20:36 GMT https://live.paloaltonetworks.com/t5/general-topics/url-filtering-issue/m-p/287252#M76696 BPry 2019-09-09T03:20:36Z