how to block shortened links?

Reply
Highlighted
L4 Transporter

how to block shortened links?

How can I effectively block shortened links on firewall? I can't figure a wildcard url format for them. 

Please advise.

Tags (1)
Highlighted
Cyber Elite

@SThatipelly,

Due to the limitations in place on the firewall, it's actually best to do this on your DNS servers. 

Highlighted
L4 Transporter

do you know how to block them on DNS servers? is there a standard way to do it?

Highlighted
Cyber Elite

Hello,

One way is to sinkhole then on your dns. Meaning have them resolve to an IP that goes no where or that you block on the PAN. That way the dns never resolves and the user never gets there.

 

Cheers!

Highlighted
Cyber Elite

@SThatipelly,

The standard way would be to create a DNS entry for the domain on your internal DNS servers; the entry would reference an IP that, as @OtakarKlier mentioned, you've either blocked or setup specifically as a sinkhole host. 

Highlighted
L4 Transporter

thank you @BPry @OtakarKlier . I'm doing DNS sinkhole on many domains but the issue I'm facing with shortened links are they don't have a specific identifiers/domain names. 

Highlighted
Cyber Elite

Hello,

Gotcha, however the shortened links should resolve to the full ones at some point and the PAN should be able to block those via categories.

 

Regards,

Highlighted
L4 Transporter

True. Shortened URLs in emails really cause issues to both admins and users . We train our users to look at the link before clicking them but these links are giving them hard time. so, I was looking at blocking them in the initial stage itself.

I wish Palo has a url category called 'shortened links'

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!