This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

URL Filtering Wildard - ? in URL

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

URL Filtering Wildard - ? in URL

RCurrie
L0 Member

‎06-28-2022 11:55 AM

I have inbound decryption set up for a server and we want to restrict what URLs users can get to.  The website admin tells me that ALL links to the site will contain something similar to the following:

 

https://my.web.server/xxx/yyy/zzz/TEXT_SOMETHING.LIKE_THIS.GBL

 

When I go to the site and click on the test links, I notice that it adds a ? after the .GBL and then text after that in the URL.

 

My question is, can I just add an * after the .GBL and add it as a site in my Custom URL Category and this should allow users to get to anything containing that link?  Even if the next character is a question mark?  There is lots of documentation around wildcards for domains, but not a lot that I find when talking about URL's after the original domain name.

 

Any feedback is appreciated.

 

Thanks!

Rick

0 Likes Likes
2 REPLIES 2

Adrian_Jensen
L6 Presenter

‎06-28-2022 06:14 PM

The "?" marks the separation between the URL and arguments passed in a POST or GET request to the URL. So https://example.com/xxx/test.gbl?y=123&z=abc means to connect to example.com/xxx/test.gbl and pass it arguments v="123" and z="abc".

 

So if you want the .GBL to work (and match any arguments) you could use:

www.example.com/xxx/yyy/zzz/something.gbl

Or you could use this to allow any file in the zzz subdirectory:

my.example.com/xxx/yyy/zzz/

Or you could use this to allow the entire site:

my.example.com/

 

If you want to match both the full FQDN and the short FQDN, i.e should match both https://my.example.com/ and https://example/com/, then you need to put in 2 URL filters to be explicit: either "*.example.com" or "my.example.com/";  and "example.com/".

 

Note that the PA URL filters are not case sensitive... though one could argue they should be as example.com/test and example.com/TEST are different files (though admittedly this does making filtering more labored).

aleksandar.astardzhiev
Cyber Elite
Cyber Elite
In response to Adrian_Jensen

‎06-29-2022 02:10 PM

Hi @RCurrie 

In addition to @Adrian_Jensen great answer I want to add the following document - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/url-filtering/block-and-allow-lists I suggest you to read it till the end, there are lot of useful gems in here.

 

Few notes to point out from this document

Astardzhiev_0-1656536591843.png

Astardzhiev_1-1656536623672.png

 

Astardzhiev_2-1656536729612.png

So "?" is considered token separator, which means after it you can use wildcard to match any string following it. If you want to allow access only to /xxx/yyy/zzz/xxx.gbl

 

 

0 Likes Likes
  • 1628 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks