Allow a more specific path of a Blocked URL


L2 Linker

Hi All,

 

I'm trying to determine if this is possible.

 

We are blocking abc.company.com via an entry in a custom url category which is applied to the internet policy via a URL filtering profile.

 

I need to allow abc.company.com/specificpath while still blocking all other paths. 

 

Nothing I've tried works. We have a whitelist rule above the main internet rule that we can put URLs in but I cannot get the firewall to match on the domain/path. Only on the domain.  So when I put the domain/path into the override rule, it doesn't match and continues on down to the main internet rule where it gets blocked.  Likewise, I have tried putting the domain/path into the override tab of the URL filtering profile directly and that doesn't work either.

 

Can the firewall match against domain/path or does it only match against the domain and subdomain?

 

Thanks for any insight anyone might have.

 

 

 

 

2 accepted solutions

Accepted Solutions

Cyber Elite

@epeeler,

Do you have decryption enabled on this traffic so that the firewall can actually see the full URL? 


L6 Presenter

I was trying to do something similar before, and the simple answer is that you cannot using a custom URL category alone. When a URL matches multiple categories, the most severe action takes precedence. See the following:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsmCAC

 

So you need to have abc.company.com in your block custom category. Then put abc.company.com/specific path in the override list of the Security Profiles -> URL Filtering profile applied to your Security Policy.

 

Edit: I just re-read your post and realized you did say that you had already put the more specific in the override list. If it is blocking based on the custom block list, I would assume it is handling SSL decrypt successfully. Perhaps the pattern match in the override is not correctly terminated?


L2 Linker

Sorry for the late reply. Thanks to both for the response and information. 
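
A simplified model of the two accepted answers, added here as an illustration and not taken from the thread or from the firewall's own matching engine: it shows why a domain/path entry can never match HTTPS traffic that is not decrypted, and why the path entry needs a clean boundary. The list names, the matcher, and the assumption that the override list is consulted before the custom block category are all hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample policy mirroring the thread's setup (names are hypothetical).
BLOCK_CATEGORY = ["abc.company.com"]               # custom URL category, action: block
OVERRIDE_ALLOW = ["abc.company.com/specificpath"]  # override list in the URL filtering profile


def visible_url(url: str, decrypted: bool) -> str:
    """Return what an inline inspection device can match on.

    For HTTPS without decryption only the hostname (SNI / certificate) is
    visible; the path travels inside the encrypted session.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and not decrypted:
        return host
    return host + parts.path


def entry_matches(entry: str, seen: str) -> bool:
    """Simplified matcher (assumption): a host-only entry covers every path on
    that host; an entry with a path must match exactly or end on a '/' boundary."""
    host, _, _ = seen.partition("/")
    if "/" not in entry:
        return host == entry
    return seen == entry or seen.startswith(entry.rstrip("/") + "/")


def decide(url: str, decrypted: bool) -> str:
    """Evaluate the override list first, then the block category (assumed order)."""
    seen = visible_url(url, decrypted)
    if any(entry_matches(e, seen) for e in OVERRIDE_ALLOW):
        return "allow"
    if any(entry_matches(e, seen) for e in BLOCK_CATEGORY):
        return "block"
    return "default"


if __name__ == "__main__":
    for url in ("https://abc.company.com/specificpath",
                "https://abc.company.com/other"):
        for decrypted in (False, True):
            print(f"{url} decrypted={decrypted}: {decide(url, decrypted)}")
```
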
