Category Blocked, one site in Whitelist

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Category Blocked, one site in Whitelist

L1 Bithead

Hi There,

i my specific example i blocked the category Online-storage and Backup but white-listed www.slideshare.net. But apparently slideshare.net looks like crap. I guess it's because of restrictions fromthe category but not pretty sure.

The site seems to have problems with CSS cause i can see the content, but without any style. Anybody of you experiencing the same issue or can give me a hint? Honestly I'm a bit stuck here right now, any idea what i can do would be great.

Thanks in advance,

Kai

12 REPLIES 12

L4 Transporter

Hi Mfb,

You can try costume URL profile. Pic is below and what are you getting in log pls share for more clarification.

costom.PNG

Regards

Satish

L2 Linker

Hi MFB,

I have replicated the same in my lab device and everything is working as expected. I have tested with and without decryption. Just added below is the screenshot for the URL filter object I have used, hope this should help you. I am using brightcloud as my DB. Also you can try a different browser to see if you are having the same  behavior

MFB.jpg

L0 Member

Hi,

You can try to add entry as mentioned below in allow list (Add both lines) and commit the change.

*.slideshare.net

slideshare.net/


Regards,

P.Sarath

Hi sbadu, smalayappan,

i tried both, not with any success.. please find attached the screenshot from the (i guess) missing CSS on the page.

Thanks,

Kaislideshareissue.JPG

L2 Linker

Hi MFB, I think I know where you are having the issue, it is nothing to do with the URL filter profile, it is purely with the IE compatibility issue that is happening on the browser. Try on a different browser to see if it is working. In the meantime I was able to get the same issue when I added the site to the compatible view settings option in IE. Screenshot for your reference.

  1. Click on the gear symbol in IE.
  2. Compatible View Settings
  3. Remove the site if it added to the list.

Test.jpg

L0 Member

Hi,

This seems like application block or some other issues. Nothing to do with URL filtering profile.

Regards,

P.Sarath.

Hi there,

just doublecheckt... Chrome, IE and Firefox both Show the same (missorganized) content. As soon as i bypass the PaloAlto i get everything in a correct view.

sbabu, good thinking. Any idea what application this could be? Otherwise i will check and let you know as soon as is found the application that is blocked.

Thanks,

Kai

I am currently having my traffic flow through the firewall running PAN OS 6.0.6 and App version 477-2502, and have not called any security profile in the rule.

L0 Member

Hi MFB,

What is your APP and Threat version?  Also you can check monitor logs to find out what application is used for this website.

Regards,

P.Sarath

L5 Sessionator

MFB123

Could you try that website in Chrome (or Firefox) then go to More tools > Developer Tools (Click on Network tab).

Now click on Network, refresh the page and see what elements are not being loaded (those will be in red).

L4 Transporter

As mentioned before, if the site is whitelisted, then it will not be blocked. I don't believe this is an issue with the URL filtering profile, but possible something else.

I would be curious to see if the firewall is dropping anything, since you mentioned that the website loads correctly if you bypass the firewall.

I would setup filters under 'Monitor > Packet Captures' along with turning filtering and capturing on. While you are doing this, reference the filters, generate traffic, and run the following command twice. (Once to zero out all the flags, and once again to show you any changes since the last time you ran this command. Zero it out by running twice, then generate some traffic that will match the filters you specified.)

'show counter global filter packet-filter yes delta yes'

If there are any drops, it should trigger a flag and tell you why.

You can also look at the session info to verify a few other things.

'show session all filter source x.x.x.x destination x.x.x.x' (can use a combination of filters for this command)

Find the session ID then run:

'show session id #####'

This may help determine if the Firewall is dropping anything, but it doesn't appear to be an issue with the URL filtering profile.

Let us know,

Thanks!

L7 Applicator

Often times web pages fetch content from other websites to compose a full web page.

Your URL filtering may be stripping out content.

You can see if this is the case with the "Log container page only" checkbox on the URL Filtering profile. Uncheck it, so you will begin logging on the URL filtering logs, if you're filtering sub-webpages from the same site.

Since this option will generate a lot of logging for every webpage that needs URL Filtering actions, it is recommended to be unchecked only for troubleshooting purposes, so leave it checked when you're done troubleshooting.

  • 6793 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!