security policy rule with URL filtering fails to trigger on targeted traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

security policy rule with URL filtering fails to trigger on targeted traffic

L0 Member

I am trying to make a rule hit on a custom URL filtering profile with HTTP header insertion for postman traffic to be allowed, so I created a URL filtering profile with a custom URL category in order to allow the specific URL ( /upload/ subdirectory specifically and not the whole domain as I am not trying to avoid scanning the rest of the subfolders) which postman is trying to access on my server.  (screenshots below)

Kobi3v_0-1649341375611.png

 

Kobi3v_1-1649341375618.png

 

Kobi3v_2-1649341375623.png

 

but the rule doesn’t get any hits, it instead skips it and hits a later rule that’s blocking postman’s traffic as malicious while I am trying to make it hit to whitelist access to this specific subdirectory.

I am not using app-id (but the traffic is getting caught in a following policy as web-browsing), just tcp port 9000 for traffic (as seen in the policies screenshot)

Am I using the URL filtering parameters correctly? (I verified the header id in postman, and the domain in the http header I defined is exactly the one that’s getting blocked in the threat logs)

1 REPLY 1

L0 Member

Are you decrypting the traffic? Depending on how TLS is set up, you may not see any more than the FQDN unless decrypted.

  • 1700 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!