How can I block a URL from the internet?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How can I block a URL from the internet?

L1 Bithead

Here is my dilemma:

 

I have an appliance that is accessible over the internet. I need the public to be able to access this (it is for web conferencing). The admin portal is also available. I would to block access to the admin portal over the internet, and make it only available from my LAN (via its private IP).

 

Let's say that the URL is: https://mysite.mycompany.com

The admin site is: https://mysite.mycompany.com/admin

 

Is there a way to black access to /admin, but still allow traffic to the other site?

2 REPLIES 2

L6 Presenter

Depends on what version of PAN-OS you're on.

 

From version 6.1.X on, you're good.  Follow these guides  (Essentially you'll just want to create a custom URL Object and use it in policy based upon how you desire to allow or deny on a case by case basis:

 

https://www.paloaltonetworks.com/documentation/61/pan-os/pan-os/url-filtering/block-and-allow-lists#...

 

 

"For example: If you want to prevent a user from accessing any website within the domain paloaltonetworks.com, you would also enter *.paloaltonetworks.com, so whatever domain prefix (http://, www, or a sub-domain prefix such as mail.paloaltonetworks.com) is added to the address, the specified action will be taken. The same applies to the sub-domain suffix; if you want to block paloaltonetworks.com/en/US, you would need to add paloaltonetworks.com/*as well."

 

https://downloads.paloaltonetworks.com/software/PAN-OS-6.1.0-RN.pdf?__gda__=1465314609_557613dbafd2a...

 

"PAN-DB can now categorize content down to the page level instead of just at the directory level. Because the pages within a domain can belong to multiple categories, this capability provides increased accuracy in filtering content and prevents potential over-blocking of web content. If, for example, you block malware and allow access to business/ news content for users on your network, they can access http://www.acme.com/c/news.html because it is categorized as news/business, but be denied access to http://www.acme.com/c/malware.exe because PAN-DB categorizes the full-path for this web page as malware. "

 

 

 

L7 Applicator

You should also check with your conferencing software vendor.  Many of them anticipate this problem and provide mechanisms to restrict Admin access at the application level on the server.  They also might provide options for role separations so that your public facing server does not have these features eabled.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 2576 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!