Custom URL Filter - Site Definition Format

Reply
Highlighted
L2 Linker

Custom URL Filter - Site Definition Format

We started using Custom URL Categories, and it seems when we define a site, we have to add both a wild card to cover any subdomain, and a / to cover all URI/URL of the domain, IE:

*.acme.corp      (To cover subdomains)

acme.corp/       (To cover all URLs/URIs to the domain)

 

My question is (I'm getting into this deployed late) is that my predecessor said that combining the two did not seem to work:

*.acme.corp/

 

Does this seem to be the case via people's experience?

 

Thanks!

 

Mike

 


Accepted Solutions
Highlighted
Cyber Elite

You need both.  You were correct in writing:

 

*.acme.corp      (To cover subdomains)

acme.corp/       (To cover all URLs/URIs to the domain)

 

*.acme.corp = anything coming before (.) acme.corp and anything under that variation

 

*.acme.corp will not = anything acme.corp and anything after.

 

 

The asterisk is a wildcard.

View solution in original post

Highlighted
L7 Applicator

Hi Mike

 

here's an article on wildcard guidelines: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/url-filtering/url-category-exception-lists

 

/ is used as a token separator to prevent your tld being part of a larger domain 

eg. 'my.com'

could also hit

my.company.com

so you can add the / to 'end' the string

 

wildcards like * should not influence that (make sure to not use wildcards at the end of a string)

Tom Piens - PANgurus.com
Find my book at amazon.com/dp/1789956374

View solution in original post


All Replies
Highlighted
Cyber Elite

You need both.  You were correct in writing:

 

*.acme.corp      (To cover subdomains)

acme.corp/       (To cover all URLs/URIs to the domain)

 

*.acme.corp = anything coming before (.) acme.corp and anything under that variation

 

*.acme.corp will not = anything acme.corp and anything after.

 

 

The asterisk is a wildcard.

View solution in original post

Highlighted
L7 Applicator

Hi Mike

 

here's an article on wildcard guidelines: https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/url-filtering/url-category-exception-lists

 

/ is used as a token separator to prevent your tld being part of a larger domain 

eg. 'my.com'

could also hit

my.company.com

so you can add the / to 'end' the string

 

wildcards like * should not influence that (make sure to not use wildcards at the end of a string)

Tom Piens - PANgurus.com
Find my book at amazon.com/dp/1789956374

View solution in original post

Highlighted
L0 Member

Hi reaper.

 

I was a bit surprised about this information that my.com could hit my.company.com and figured I had to update lots and lots of entries in our custom categories but I'm unable to repeat this behaviour on PanOS 8.0.16. I actually created the fqdns my.com and my.company.com so they are resolvable and put only my.com in a custom URL category called "molndal-block".

 

When testing the fqdns with a browser (tried several) my.com triggers on the custom category but my.company.com does not?

 

mycom-customcategory.png

 

Logs:

mycompany-log.png

 

Im guessing this result might depend on if the browser adds a "/" the the end of the fqdn or not? (every browser I'v tried does this tho) or is there some flaw in my testing?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!