topic Re: Block domain .covid. in General Topics

Block domain .covid.

shubhamG — Thu, 25 Feb 2021 06:34:31 GMT

Hi Team

can we blocked domain in palo alto if domain name contains is *.*covid*.* in palo alto.

I was also wondering whether blocking such domain will be better through dns sinkhole or URL filtering.

Re: Block domain .covid.

reaper — Thu, 25 Feb 2021 08:21:22 GMT

in URL filtering the url is broken up into tokens separated by dots (ie token.token.token)

in a token you can either add a string or a wildcard, but not both

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/block-and-allow-lists.html

but you can create custom vulnerabilities where you have full reign over the wildcards and regex you use to identify patterns

Re: Block domain .covid.

kiwi — Thu, 25 Feb 2021 08:24:05 GMT

Hi @shubhamG ,

You can't use consecutive asterisks. Consecutive asterisks in a URL wildcard pattern can severely impact performance and is not supported. Instead, use a single asterisk or multiple carets (^) to indicate consecutive tokens.

Check the following article on how you can use asterisk or caret wildcards : https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/url-filtering/block-and-allow-lists.html

You might want to look into creating a custom application with a pattern match (you can use regular expressions to do a pattern match): https://docs.paloaltonetworks.com/pan-os/u-v/custom-app-id-and-threat-signatures/custom-application-and-threat-signatures/create-a-custom-application-signature.html

Cheers !

-Kiwi

topic Re: Block domain *.*covid*.* in General Topics

Block domain *.*covid*.*

Re: Block domain *.*covid*.*

Re: Block domain *.*covid*.*

topic Re: Block domain .covid. in General Topics

Block domain .covid.

Re: Block domain .covid.

Re: Block domain .covid.