Query on URL filtering

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Query on URL filtering

L0 Member

I found this article on URL filtering.

My question is how is *.baidu.com not allowing mp3.baidu.com or news.baidu.com as well

What does *. signify or equate to this scenario.

 

ALso is there is any need or scenario in which we would need to add 

www.baidu.com

*.baidu.com as rules in Custom URL category.

 

Any Help would be appreciated.

 

 

HOW TO ALLOW ONE URL AND BLOCK OTHER ASSOCIATED URLS

11171
Created On 02/07/19 23:48 PM - Last Updated 02/07/19 23:48 PM
URL FILTERING

Resolution

 

Overview

This describes how to allow a single URL and block other associated URLs. In this example www.baidu.com will be allowed but mp3.baidu.com and news.baidu.com will be blocked.

 

Steps

Use one of the following two configuration options.

Option 1: Use URL Category

  1. Go to Objects > Custom URL Category, and create a category called "Baidu," for example. Add "*.baidu.com" to the category.
  2. Go to Objects > Custom URL Category, and create a category called "Everything," for example. Add "*" to the category. This will cover all URLs.
  3. Add a security policy that permits from any to any.
  4. Under Service/URL Category, add the category "Baidu."
  5. Add another security policy that blocks from any to any. Under Service/URL Category add the category "Everything."
    The first rule should permit access to *.baidu.com, while the second rule should act as a catch-all rule that blocks access to all URLs.

 

Option 2: Use URL filtering

  1. Go to Objects > Custom URL Category, and create a category called "Baidu" for example. Add "*.baidu.com" to the category.
  2. Go to Objects > URL Filtering, and create a url filtering profile called "Baidu-URL."
  3. Select the category "Baidu" to allow and the rest of the categories to block. This will block all URLs except www.baidu.com.
  4. Add a security policy that permits from any to any. Under Actions > Profile Setting > Profile Type <select profiles>, select the url filtering profile "Baidu-URL."
    Note: This rule should only permit access to *.baidu.com.

 

owner:  bpappas

2 accepted solutions

Accepted Solutions

Cyber Elite
Cyber Elite

Hello,

Looks like a typo in the document. *.baidu.com would allow mp3.baidu.com or news.baidu.com. 

 

Good catch!

View solution in original post

Cyber Elite
Cyber Elite

@amocherla,

As @OtakarKlier mentioned the document is wrong. *.baidu.com would still allow anything.baidu.com. You can however do this easily enough, you simply need to keep in mind the order of the firewall processes the request:

 

URL Filtering

1) Block List

2) Allow List

3) Custom Categories

4) Cache

5) Pre-Defined Categories

 

URL Categorie Actions:

1) Block

2) Override

3) Continue

4) Alert

5) Allow

 

I think this is what the article was trying to get at; one thing to keep in mind with the knowledgebase is that any Palo employee can make an entry, so they aren't always actually right

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello,

Looks like a typo in the document. *.baidu.com would allow mp3.baidu.com or news.baidu.com. 

 

Good catch!

Cyber Elite
Cyber Elite

@amocherla,

As @OtakarKlier mentioned the document is wrong. *.baidu.com would still allow anything.baidu.com. You can however do this easily enough, you simply need to keep in mind the order of the firewall processes the request:

 

URL Filtering

1) Block List

2) Allow List

3) Custom Categories

4) Cache

5) Pre-Defined Categories

 

URL Categorie Actions:

1) Block

2) Override

3) Continue

4) Alert

5) Allow

 

I think this is what the article was trying to get at; one thing to keep in mind with the knowledgebase is that any Palo employee can make an entry, so they aren't always actually right

Thank you for the explanation Bpry.

Is there any scenraio where you would right a URL rule like 

 

Both in Allow rule,

 

sega.com 

*.sega.com/*.   "This statement includes the First URL right, correct me If I am wrong.

 

Thank you

  • 2 accepted solutions
  • 5209 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!