DotW: URL Categories - match different categories

Community Team Member

This week's Discussion of the Week will be talking about URL categories and what to do in the event that a single URL returns more than 1 URL category.


User TRIsec posted the following in the General Topics area:


Here is a link to the discussion, if interested:

URL Categories - match different categories


User TRIsec was trying to use URL Categories to block or allow sites, and when it came to a URL that returned multiple categories, the user was unable to determine how to use both of those categories to either block or allow this site. This issue was happening when TRIsec used BrightCloud to determine the URL categories.


Ironic enough, the URL that was being asked about was

I will show you what you need to do to lookup and verify this information so in the event that this happens, you will know exactly what to do if you would like to either block or allow this site.


I will start off with the URL in question, which is again

You can first start with testing the site with either BrightCloud or with PAN-DB. (Depending on what URL Categorization you use with Palo Alto Networks devices.)


If you are using BrightCloud, you can go to the following URL to check a URL for its categories:


BrightCloud would return 2 URL Categories for

  • Computer and Internet Security
  • Business and Economy

Here is a screenshot from BrightCloud showing this:

2017-03-20_mult-url-cat2.pngBrightCloud site showing 2 different URL categories.



If you are using PAN-DB, you can go to the following URL to check a URL for its categories:


PAN-DB shows only 1 URL category - Computer and Internet Info


Here is the screenshot showing Palo Alto Networks site showing the URL Category:

2017-03-20_mult-url-cat3.pngPalo Alto Network's test a site showing the URL category

So, this only appears to be an issue when using BrightCloud.


To continue, if there are more than 1 URL category showing up when testing a site, what else are you to do? 

You actually have 2 options to verify this information on the Palo Alto Networks device. 


The first is by using the WEBGUI, and looking inside of the URL Logs. This is found under Monitor > URL Filtering. Inside there we recommend that you look for the traffic in question, and see what the Category is listed as:

2017-03-20_mult-url-cat4.pngPalo Alto Network's test a site showing the URL category

The second way you can verify this is by using the CLI with the "test url" command:


> test url computer-and-internet-info (Base db) expires in 93000 seconds


The solution to this issue is to notice that even though BrightCloud is showing 2 URL categories, that Palo Alto Networks is only using 1, which is Computer-and-Internet-info.


With verifying this information with what the Palo Alto Networks device is showing the URL Category, then you are able to determine what URL Category you need to use to block or allow those sites.


I hope this has helped you today.


As always, we welcome all feedback and comments below.


Thanks for reading,

Stay Secure,

Joe Delio

Ask Questions Get Answers Join the Live Community