How do I check how a URL is categorized and suggest changes or corrections?


I just started getting blocked when going to Facebook.  Here is the default block page:

Web Page Blocked

Access to the web page you were trying to visit has been blocked in accordance with company policy. Please contact your system administrator if you believe this is in error.

User: [me]

URL: www.facebook.com/

Category: phishing-and-other-frauds

This got me to wondering how I can check URLs to see how they are categorized and also what the best way is to suggest changes or corrections.  Also, is documentation maintained and available on why a site has received a certain category?  For example, has Facebook really earned a place in the phishing category?

Accepted Solutions

Here is the CLI command to test a URL.

admin@PA-500> debug device-server test url facebook.com

facebook.com social-networking (Base db)


admin@PA-500> debug device-server test url www.facebook.com

www.facebook.com phishing-and-other-frauds (Base db)

Using this example you can see the Facebook problem.  www.facebook.com is miscategorized but facebook.com is correctly categorized. For the time being you can add www.facebook.com or *.facebook.com to your allow list to make your users happy again.

Palo Alto Networks has reported the problem to BrightCloud and they are working to correct the issue and provide an explanation as to what happened, since they have many safeguards to prevent such an occurrence.  I'll provide an update when we have one.

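The apex/www mismatch shown in the accepted solution can be checked across many hostnames by parsing saved CLI output. This is an added example, not part of the original thread and not Palo Alto Networks code: it assumes result lines look like the ones quoted above, the function names are hypothetical, and stripping a leading "www." to group hosts is a simplification.

```python
import re
from collections import defaultdict

# Result line format as quoted in the thread: "<url> <category> (<database>)".
# Prompt echoes ("admin@PA-500> debug ...") do not end in "(...)" and never match.
RESULT = re.compile(r"^(?P<url>\S+)\s+(?P<category>[a-z0-9-]+)\s+\((?P<db>[^)]+)\)$")

def parse_results(transcript):
    """Return {host: category} from a pasted 'test url' CLI session."""
    results = {}
    for line in transcript.splitlines():
        m = RESULT.match(line.strip())
        if m:
            results[m["url"].rstrip("/").lower()] = m["category"]
    return results

def site_key(host):
    """Group 'www.example.com' with 'example.com' (simplifying assumption)."""
    return host[4:] if host.startswith("www.") else host

def find_mismatches(results):
    """Return {site: {host: category}} for sites whose host variants disagree."""
    groups = defaultdict(dict)
    for host, category in results.items():
        groups[site_key(host)][host] = category
    return {site: hosts for site, hosts in groups.items()
            if len(set(hosts.values())) > 1}

# Constructed sample: the two lookups from the thread, plus an invented
# example.com pair (placeholder category) that is consistent.
SAMPLE = """\
admin@PA-500> debug device-server test url facebook.com
facebook.com social-networking (Base db)

admin@PA-500> debug device-server test url www.facebook.com
www.facebook.com phishing-and-other-frauds (Base db)

admin@PA-500> debug device-server test url example.com
example.com social-networking (Base db)
admin@PA-500> debug device-server test url www.example.com
www.example.com social-networking (Base db)
"""

if __name__ == "__main__":
    for site, hosts in find_mismatches(parse_results(SAMPLE)).items():
        print(f"{site}: host variants are categorized differently")
        for host, category in sorted(hosts.items()):
            print(f"  {host:<20} {category}")
```

Any site it reports is a candidate for a temporary allow-list entry and a re-classification request, as described in the thread.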


We got caught by this earlier today.  Dangers of a third-party database (though of course the pros outweigh the cons).

www.brightcloud.com has a tester, and a means to submit a URL for re-classification, though I did so a good few hours ago and it still doesn't seem to have changed, which is surprising given, well, it's Facebook not some obscure website.

Thanks for that - not wanting to hijack the thread but can you explain if/when the change will be picked up by our Palo Alto please?

I'm a little unclear what is held "on-box" and what is cached/queried "on the fly"?

Thanks.

The new version will be pushed to the PANs as soon as it is available and you'll be able to perform the upgrade.

The new URL database, version 3270, is now available to install. The problem has been fixed:

admin@PA-500> debug device-server test url www.facebook.com

www.facebook.com social-networking (Base db)
