URL Filtering Wildard - ? in URL

cancel
Showing results for 
Search instead for 
Did you mean: 
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

URL Filtering Wildard - ? in URL

L0 Member

I have inbound decryption set up for a server and we want to restrict what URLs users can get to.  The website admin tells me that ALL links to the site will contain something similar to the following:

 

https://my.web.server/xxx/yyy/zzz/TEXT_SOMETHING.LIKE_THIS.GBL

 

When I go to the site and click on the test links, I notice that it adds a ? after the .GBL and then text after that in the URL.

 

My question is, can I just add an * after the .GBL and add it as a site in my Custom URL Category and this should allow users to get to anything containing that link?  Even if the next character is a question mark?  There is lots of documentation around wildcards for domains, but not a lot that I find when talking about URL's after the original domain name.

 

Any feedback is appreciated.

 

Thanks!

Rick

2 REPLIES 2

L4 Transporter

The "?" marks the separation between the URL and arguments passed in a POST or GET request to the URL. So https://example.com/xxx/test.gbl?y=123&z=abc means to connect to example.com/xxx/test.gbl and pass it arguments v="123" and z="abc".

 

So if you want the .GBL to work (and match any arguments) you could use:

www.example.com/xxx/yyy/zzz/something.gbl

Or you could use this to allow any file in the zzz subdirectory:

my.example.com/xxx/yyy/zzz/

Or you could use this to allow the entire site:

my.example.com/

 

If you want to match both the full FQDN and the short FQDN, i.e should match both https://my.example.com/ and https://example/com/, then you need to put in 2 URL filters to be explicit: either "*.example.com" or "my.example.com/";  and "example.com/".

 

Note that the PA URL filters are not case sensitive... though one could argue they should be as example.com/test and example.com/TEST are different files (though admittedly this does making filtering more labored).

Hi @RCurrie 

In addition to @Adrian_Jensen great answer I want to add the following document - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/url-filtering/block-and-allow-lists I suggest you to read it till the end, there are lot of useful gems in here.

 

Few notes to point out from this document

Astardzhiev_0-1656536591843.png

Astardzhiev_1-1656536623672.png

 

Astardzhiev_2-1656536729612.png

So "?" is considered token separator, which means after it you can use wildcard to match any string following it. If you want to allow access only to /xxx/yyy/zzz/xxx.gbl

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!