08-26-2013 10:21 AM
I am trying to figure out how to do Whitelists for a list of URLs and I am not having much luck.
By default all outgoing is allowed on everything internal.
I have a group of addresses that should only be allowed to view certain websites with wildcards.
I created a profile that is set to that address group for source, ANY for everything else, and a URL Profile with the list of URLs in the whitelist. When that policy is set to Deny it blocks all traffic and if it is set to Allow it allows all traffic.
An example URL I am using is www.google.com/*
I have this policy above our Allow all rule. If I I put it beneath the allow rule it does not apply. We do have the url filtering license also.
What exactly am I doing wrong here?
08-26-2013 10:36 AM
Hi...You should set the security rule for that address group with service=tcp/80, action=allow and the selected URL profile. In the selected URL profile, add the permitted URLs to the allow-list, allow content-delivery-network category, and block all other URL categories . Maybe you missed setting all other categories to block. You may need to check the URL filtering log and unblock other URLs as appropriate.
Thanks.
08-28-2013 06:27 AM
Thanks for the help. I have it mostly working but one thing is still rather weird.
For each site I am having to do 4 white list entries.
For example one site is saemtests.org
If they don't put www
saemtests.org/*
saemtests.org/
If they put www
*.saemtests.org/*
*.saemtests.org/
Is this normal or is there a regular expression I should be using instead?
I tried doing *saemtests* however that was not valid.
08-28-2013 07:10 AM
When doing a whitelist, you should put for example:
saemtests.org
*.saemtests.org
08-28-2013 07:15 AM
Here is the help note.Did you read that
For example, "www.paloaltonetworks.com” is different from "paloaltonetworks.com". If you want to block the entire domain, you should include both "*.paloaltonetworks.com" and "paloaltonetworks.com".
• |
• |
Block and allow lists support wildcard patterns. The following characters are considered separators:
Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid:
*.yahoo.com (Tokens are: "*", "yahoo" and "com")
www.*.com (Tokens are: "www", "*" and "com")
www.yahoo.com/search=* (Tokens are: "www", "yahoo", "com", "search", "*")
The following patterns are invalid because the character “*” is not the only character in the token.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
