I have inbound decryption set up for a server and we want to restrict what URLs users can get to. The website admin tells me that ALL links to the site will contain something similar to the following:
When I go to the site and click on the test links, I notice that it adds a ? after the .GBL and then text after that in the URL.
My question is, can I just add an * after the .GBL and add it as a site in my Custom URL Category and this should allow users to get to anything containing that link? Even if the next character is a question mark? There is lots of documentation around wildcards for domains, but not a lot that I find when talking about URL's after the original domain name.
Any feedback is appreciated.
The "?" marks the separation between the URL and arguments passed in a POST or GET request to the URL. So https://example.com/xxx/test.gbl?y=123&z=abc means to connect to example.com/xxx/test.gbl and pass it arguments v="123" and z="abc".
So if you want the .GBL to work (and match any arguments) you could use:
Or you could use this to allow any file in the zzz subdirectory:
Or you could use this to allow the entire site:
If you want to match both the full FQDN and the short FQDN, i.e should match both https://my.example.com/ and https://example/com/, then you need to put in 2 URL filters to be explicit: either "*.example.com" or "my.example.com/"; and "example.com/".
Note that the PA URL filters are not case sensitive... though one could argue they should be as example.com/test and example.com/TEST are different files (though admittedly this does making filtering more labored).
In addition to @Adrian_Jensen great answer I want to add the following document - https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/url-filtering/block-and-allow-lists I suggest you to read it till the end, there are lot of useful gems in here.
Few notes to point out from this document
So "?" is considered token separator, which means after it you can use wildcard to match any string following it. If you want to allow access only to /xxx/yyy/zzz/xxx.gbl
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!