How do I check how a URL is categorized and suggest changes or corrections?

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
Not applicable

How do I check how a URL is categorized and suggest changes or corrections?

I just started getting blocked when going to Facebook.  Here is the default block page:

Web Page Blocked

Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.

User: [me]

URL: www.facebook.com/

Category: phishing-and-other-frauds

This got me to wondering how I can check URL's to see how they are categorized and also what the best way it so suggest changes or corrections.  Also, is documentation maintained and available on why a site has received a certain categoy?  For example, has Facebook really earned a place in the phishing category?


Accepted Solutions
Highlighted
L5 Sessionator

Here is the CLI command to test a URL.

admin@PA-500> debug device-server test url facebook.com

facebook.com social-networking (Base db)


admin@PA-500> debug device-server test url www.facebook.com

www.facebook.com phishing-and-other-frauds (Base db)

Using this example you can see the Facebook problem.  www.facebook.comis miscategorized but facebook.com is correctly categorized. For the time being you can add www.facebook.com or *.facebook.com to your allow list to make your users happy again.

Palo Alto Networks has reported the problem to BrightCloud and they are working to correct the issue and provide an explanation as to what happened, since they have many safeguards to prevent such an occurrence.  I'll provide an update when we have one.

View solution in original post


All Replies
Highlighted
L4 Transporter

We got caught by this earlier today.  Dangers of a third-party database (though of course the pro's outweigh the con's).

www.brightcloud.com has a tester, and a means to submit a URL for re-classification, though I did so a good few hours ago and it still doesn't seem to have changed, which is surprising given, well, it's Facebook not some obscure website.

Highlighted
L5 Sessionator

Here is the CLI command to test a URL.

admin@PA-500> debug device-server test url facebook.com

facebook.com social-networking (Base db)


admin@PA-500> debug device-server test url www.facebook.com

www.facebook.com phishing-and-other-frauds (Base db)

Using this example you can see the Facebook problem.  www.facebook.comis miscategorized but facebook.com is correctly categorized. For the time being you can add www.facebook.com or *.facebook.com to your allow list to make your users happy again.

Palo Alto Networks has reported the problem to BrightCloud and they are working to correct the issue and provide an explanation as to what happened, since they have many safeguards to prevent such an occurrence.  I'll provide an update when we have one.

View solution in original post

Highlighted
L4 Transporter

Thanks for that - not wanting to hijack the thread but can you explain if/when the change will be picked up by our Palo Alto please?

I'm a little unclear what is held "on-box" and what is cached/queried "on the fly"?

Thanks.

Highlighted
L5 Sessionator

The new version will be pushed to the PANs as soon as it is available and you'll be able to perform the upgrade.

Highlighted
L5 Sessionator

The new URL database, version 3270, is now available to install. The problem has been fixed:

admin@PA-500> debug device-server test url www.facebook.com

www.facebook.com social-networking (Base db)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!