How to do URL Whitelists?


L0 Member

I am trying to figure out how to do Whitelists for a list of URLs and I am not having much luck.

By default all outgoing is allowed on everything internal.

I have a group of addresses that should only be allowed to view certain websites with wildcards.

I created a profile that is set to that address group for source, ANY for everything else, and a URL Profile with the list of URLs in the whitelist. When that policy is set to Deny it blocks all traffic and if it is set to Allow it allows all traffic.

An example URL I am using is www.google.com/*

I have this policy above our Allow all rule. If I put it beneath the allow rule it does not apply. We do have the URL filtering license also.

What exactly am I doing wrong here?

4 REPLIES 4

L6 Presenter

Hi... You should set the security rule for that address group with service=tcp/80, action=allow and the selected URL profile. In the selected URL profile, add the permitted URLs to the allow-list, allow content-delivery-network category, and block all other URL categories. Maybe you missed setting all other categories to block. You may need to check the URL filtering log and unblock other URLs as appropriate.

Thanks.

Thanks for the help. I have it mostly working but one thing is still rather weird.

For each site I am having to do 4 white list entries.

For example one site is saemtests.org

If they don't put www

saemtests.org/*

saemtests.org/

If they put www

*.saemtests.org/*

*.saemtests.org/

Is this normal or is there a regular expression I should be using instead?

I tried doing *saemtests* however that was not valid.

When doing a whitelist, you should put for example:

saemtests.org

*.saemtests.org

Here is the help note. Did you read that?

For example, "www.paloaltonetworks.com" is different from "paloaltonetworks.com". If you want to block the entire domain, you should include both "*.paloaltonetworks.com" and "paloaltonetworks.com".

Examples:

www.paloaltonetworks.com

198.133.219.25/en/US

Block and allow lists support wildcard patterns. The following characters are considered separators:

. / ? & = ; +

Every substring that is separated by the characters listed above is considered a token. A token can be any number of ASCII characters that does not contain any separator character or *. For example, the following patterns are valid:

*.yahoo.com (Tokens are: "*", "yahoo" and "com")

www.*.com (Tokens are: "www", "*" and "com")

www.yahoo.com/search=* (Tokens are: "www", "yahoo", "com", "search", "*")

The following patterns are invalid because the character “*” is not the only character in the token.

ww*.yahoo.com

www.y*.com
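
The token rule quoted above, as an added example that is not part of the thread and is not Palo Alto Networks code: it splits an entry at the listed separators, rejects patterns where `*` is not a whole token, and shows why an allow list needs both `saemtests.org` and `*.saemtests.org`. The function names are hypothetical, the hosts are constructed, and the matcher assumes that `*` stands for one or more whole tokens and that only the hostname is compared.

```python
import re

SEPARATORS = "./?&=;+"  # the separator characters listed in the help note
_SPLIT = re.compile("[" + re.escape(SEPARATORS) + "]")

def tokens(entry):
    """Split a list entry or URL into tokens at the separator characters."""
    return [t for t in _SPLIT.split(entry.lower()) if t]

def is_valid_pattern(entry):
    """Valid when every token is ASCII and any '*' is the entire token."""
    toks = tokens(entry)
    return bool(toks) and all(
        t.isascii() and (t == "*" or "*" not in t) for t in toks)

def _match(pat, host):
    if not pat:
        return not host
    if pat[0] == "*":
        # Assumption: '*' consumes one or more whole tokens, never zero.
        return any(_match(pat[1:], host[i:]) for i in range(1, len(host) + 1))
    return bool(host) and pat[0] == host[0] and _match(pat[1:], host[1:])

def host_matches(pattern, host):
    """Token-wise comparison of one list entry against a hostname."""
    if not is_valid_pattern(pattern):
        raise ValueError("invalid wildcard pattern: " + pattern)
    return _match(tokens(pattern), tokens(host))

def uncovered(entries, hosts):
    """Return the hosts that no entry in the allow list matches."""
    return [h for h in hosts if not any(host_matches(e, h) for e in entries)]

if __name__ == "__main__":
    hosts = ["saemtests.org", "www.saemtests.org"]  # constructed test hosts
    for entries in (["*.saemtests.org"], ["saemtests.org", "*.saemtests.org"]):
        print(entries, "-> not covered:", uncovered(entries, hosts))
    for p in ("*.yahoo.com", "www.*.com", "ww*.yahoo.com", "*saemtests*"):
        print(p, "valid" if is_valid_pattern(p) else "invalid")
```

Running a planned allow list through a check like this before committing it shows which hostnames would fall through to the block-all-other-categories action; the URL filtering log remains the authoritative record of what the firewall actually matched.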
