- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-20-2019 01:28 PM
I found this article on URL filtering.
My question is how is *.baidu.com not allowing mp3.baidu.com or news.baidu.com as well
What does *. signify or equate to this scenario.
ALso is there is any need or scenario in which we would need to add
*.baidu.com as rules in Custom URL category.
Any Help would be appreciated.
HOW TO ALLOW ONE URL AND BLOCK OTHER ASSOCIATED URLS
Resolution
Overview
This describes how to allow a single URL and block other associated URLs. In this example www.baidu.com will be allowed but mp3.baidu.com and news.baidu.com will be blocked.
Steps
Use one of the following two configuration options.
Option 1: Use URL Category
Option 2: Use URL filtering
owner: bpappas
03-20-2019 02:01 PM
Hello,
Looks like a typo in the document. *.baidu.com would allow mp3.baidu.com or news.baidu.com.
Good catch!
03-20-2019 04:11 PM
As @OtakarKlier mentioned the document is wrong. *.baidu.com would still allow anything.baidu.com. You can however do this easily enough, you simply need to keep in mind the order of the firewall processes the request:
URL Filtering
1) Block List
2) Allow List
3) Custom Categories
4) Cache
5) Pre-Defined Categories
URL Categorie Actions:
1) Block
2) Override
3) Continue
4) Alert
5) Allow
I think this is what the article was trying to get at; one thing to keep in mind with the knowledgebase is that any Palo employee can make an entry, so they aren't always actually right.
03-20-2019 02:01 PM
Hello,
Looks like a typo in the document. *.baidu.com would allow mp3.baidu.com or news.baidu.com.
Good catch!
03-20-2019 04:11 PM
As @OtakarKlier mentioned the document is wrong. *.baidu.com would still allow anything.baidu.com. You can however do this easily enough, you simply need to keep in mind the order of the firewall processes the request:
URL Filtering
1) Block List
2) Allow List
3) Custom Categories
4) Cache
5) Pre-Defined Categories
URL Categorie Actions:
1) Block
2) Override
3) Continue
4) Alert
5) Allow
I think this is what the article was trying to get at; one thing to keep in mind with the knowledgebase is that any Palo employee can make an entry, so they aren't always actually right.
03-20-2019 09:26 PM
Thank you for the explanation Bpry.
Is there any scenraio where you would right a URL rule like
Both in Allow rule,
sega.com
*.sega.com/*. "This statement includes the First URL right, correct me If I am wrong.
Thank you
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!