how to block shortened links?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

how to block shortened links?

L4 Transporter

How can I effectively block shortened links on firewall? I can't figure a wildcard url format for them. 

Please advise.


Cyber Elite
Cyber Elite


Due to the limitations in place on the firewall, it's actually best to do this on your DNS servers. 

do you know how to block them on DNS servers? is there a standard way to do it?


One way is to sinkhole then on your dns. Meaning have them resolve to an IP that goes no where or that you block on the PAN. That way the dns never resolves and the user never gets there.




The standard way would be to create a DNS entry for the domain on your internal DNS servers; the entry would reference an IP that, as @OtakarKlier mentioned, you've either blocked or setup specifically as a sinkhole host. 

thank you @BPry @OtakarKlier . I'm doing DNS sinkhole on many domains but the issue I'm facing with shortened links are they don't have a specific identifiers/domain names. 


Gotcha, however the shortened links should resolve to the full ones at some point and the PAN should be able to block those via categories.



True. Shortened URLs in emails really cause issues to both admins and users . We train our users to look at the link before clicking them but these links are giving them hard time. so, I was looking at blocking them in the initial stage itself.

I wish Palo has a url category called 'shortened links'

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!