08-29-2024 12:20 AM
Hi All,
So I'm trying to whitelist a site that was tagged as 'parked' by PAN-OS. I added this to a custom URL category, and configured the URL Filtering profile to allow/allow.
The site is still getting blocked. To get around this, I filed a request to reclassify the site (to be fair, the update was very quick).
This concerns me, as a lot of our students put up their websites as part of their schoolwork. Should their sites be mislabeled as 'parked'...it doesn't seem practical to file a request for each site, as there are usually 4-5 sections with 40+ students each.
The URL Filtering logs indicate the URL has multiple category matches -- <custom url category>, parked. Somehow the 'parked' categorization wins out and the action is 'blocked'.
Aren't custom URL categories supposed to win out in this situation?
I've read https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsmCAC, but given what I've seen in the logs, this seems to apply to URLs in different custom categories.
tia
09-04-2024 03:28 AM
Hi @itassetbenilde ,
How did you configure the custom category?
Sounds very similar to what was happening here, where the custom URL category was configured incorrectly:
Hope this helps,
-Kim.
09-04-2024 08:43 AM
@itassetbenilde -- I think you're running into the "Category List" function. It's my understanding that the "action" for access to websites via Category Lists is the "most restrictive." So if any of your URL profile actions is anything other than allow/alert, that action based on the list categories will be taken. In this instance, if "Parked" is set to block, then based on the "Category List" match criteria the action for access would be "blocked" based on settings. (Regardless of your custom URL profile, which you're trying to use to override.)
@kiwi here is an example of what I'm referring to from my FW:
09-04-2024 01:41 PM
I'd recommend setting the URL category, especially something that you created yourself, to at least 'alert' so that it's logged. If you're setting 'allow' you won't see logs when traffic properly matches the custom category.
How are you trying to allow the custom category in your security rulebase? When it comes to bypassing URL categorization, I highly recommend having a dedicated security entry that triggers off of the custom category and has the applicable individual profiles allocated.
IE: If I have an "Allow-Blocked-Domains" category as an example, I'll have a security entry that triggers off of the category before my more general traffic rules. Then assign profiles as you see fit; I generally recommend having a url-filtering profile assigned to this entry that simply has all categories set to alert for this rule. This process has proven to be very effective in allowing access and not having to worry about other competing profiles as long as your custom category is matching properly.
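Added example, not part of the thread and not Palo Alto's code: a small audit that checks the layout recommended in the reply above, namely that a dedicated rule matches the custom category, has a URL filtering profile attached, and sits ahead of the general rules. The XML is a constructed sample shaped like the security rulebase of a PAN-OS config export (assumed layout), and the rule and profile names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the security rulebase of a PAN-OS config
# export (assumed layout); rule and profile names are hypothetical.
SAMPLE = """
<security><rules>
  <entry name="General-Web">
    <category><member>any</member></category>
    <action>allow</action>
    <profile-setting><profiles><url-filtering>
      <member>Strict</member></url-filtering></profiles></profile-setting>
  </entry>
  <entry name="Allow-Student-Sites">
    <category><member>Allow-Blocked-Domains</member></category>
    <action>allow</action>
    <profile-setting><profiles><url-filtering>
      <member>Alert-All</member></url-filtering></profiles></profile-setting>
  </entry>
</rules></security>
"""

def categories(rule):
    """URL categories a rule matches on, as a list of names."""
    return [m.text.strip() for m in rule.findall("./category/member")]

def audit(xml_text, custom_category):
    """Return a list of findings for the rule dedicated to custom_category."""
    rules = ET.fromstring(xml_text.strip()).findall("./rules/entry")
    hit = next((i for i, r in enumerate(rules)
                if custom_category in categories(r)), None)
    if hit is None:
        return [f"no rule matches category {custom_category}"]
    rule, name, findings = rules[hit], rules[hit].get("name"), []
    if rule.findtext("action", "").strip() != "allow":
        findings.append(f"{name} does not allow the traffic")
    if rule.find("./profile-setting/profiles/url-filtering/member") is None:
        findings.append(f"{name} has no url-filtering profile attached")
    # Simplification: only the category field is compared, not zones,
    # addresses or applications, so treat an ordering finding as a prompt
    # to review the earlier rule by hand.
    for earlier in rules[:hit]:
        if "any" in categories(earlier):
            findings.append(f"{earlier.get('name')} is evaluated before {name}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "Allow-Blocked-Domains"):
        print(finding)
```

On the sample, the audit reports that the general rule is evaluated first, which is the ordering the reply advises against.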