URL Filtering Wildcards?


L4 Transporter

I have a custom URL category which contained

*.sourceforge.net with an action of "allow" (the normal action for category shareware/freeware is "alert").

When I visited "http://sourceforge.net" it logged an alert.

I had to change the custom category to contain:

*.sourceforge.net
sourceforge.net

For the allow to take effect.

I was a little surprised as I expected the wildcard to include the primary domain?

Accepted Solutions

L4 Transporter

Hi There,

Wildcards work within delimiters/separators, which are the following:

. (dot)

/ (slash)

? (question mark)

& (ampersand)

= (equal)

; (semicolon)

+ (plus)

So in your example the *.sourceforge.net would need the . (dot) to be there for a match, which it was not.

For some web sites with subdomains, you may need the following:

website.net

*.website.net

*.*.website.net

I hope this helps make things clearer.

Thanks

James

6 REPLIES

Thanks James, I didn't appreciate the "." was a hard delimiter and had to be present.

No worries - good luck

So there's something I'd like to do but I'm unsure how.

Right now I have our Exchange server behind the PAN and policies that do SSL decryption as well as URL filtering to only allow:

site.domain.com/oma

site.domain.com/oma/*

site.domain.com/exchange

site.domain.com/exchange/*

site.domain.com/exchweb/*

site.domain.com/favicon.ico

site.domain.com/microsoft-server-activesync

site.domain.com/microsoft-servdeviceid=*

site.domain.com/microsoft-server-acdeviceid=*

site.domain.com/microsoft-server-actdeviceid=*

site.domain.com/microsoft-server-actideviceid=*

site.domain.com/microsoft-server-activdeviceid=*

site.domain.com/microsoft-server-activedeviceid=*

site.domain.com/microsoft-server-activesdeviceid=*

site.domain.com/microsoft-server-activesync?*

site.domain.com/microsoft-server-adeviceid=*

site.domain.com/microsoft-server-deviceid=*

site.domain.com/microsoft-serverdeviceid=*

site.domain.com/public/*

site.domain.com/rpc/*

Which are the URLs that OWA uses (all the ones in the middle are due to how the PAN seems to interpret certain URLs).

I'm looking at an external host monitoring service which would need to check if "site.domain.com" is up, but right now if it tries to connect it reports "Malformed response" as the PAN is blocking/not responding to the request to https://site.domain.com as expected.

If I add "site.domain.com" to the top of my URL allow list above, I'm basically accepting any/all requests which is precisely what I don't want to do.

So how can I allow requests explicitly to "site.domain.com" but only to "site.domain.com" as well as the paths in the list above i.e. a request to "site.domain.com/somethingrandom" would still be denied?

No, there really is no way to do what you are trying. By adding site.domain.com/ to the allow list, it will allow all queries for items to the right of "/".

The only workaround is to create a new security policy for the source IP addresses that the monitoring site uses and either allow all http traffic for that site or create a new URL filtering profile for this new security policy.

Thanks, I had a feeling from experimenting that might be the case, but at least that confirms it.
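
The matching behaviour described in this thread, as an added example that is not part of any post and is not PAN-OS code: a simplified Python model built only from the rules stated above (a `*` stands for one token between the listed separators, and a host-only entry covers everything to its right). The function names and the handling of entries ending in `/` are assumptions.

```python
import re

# Separators listed in the accepted answer: . / ? & = ; +
DELIMS = set("./?&=;+")
SPLIT = re.compile(r"([./?&=;+])")

def tokens(text):
    """Split on the separators, keeping each separator as its own item."""
    return [t for t in SPLIT.split(text.lower()) if t]

def entry_matches(entry, url):
    """Assumed model: match one category entry against one requested URL."""
    pat = tokens(entry)
    req = tokens(re.sub(r"^[a-z][a-z0-9+.-]*://", "", url.lower()))
    if len(req) < len(pat):
        return False              # e.g. *.sourceforge.net vs sourceforge.net
    for p, r in zip(pat, req):
        if p == "*":
            if r in DELIMS:       # a wildcard stands for a token, not a separator
                return False
        elif p != r:
            return False
    rest = req[len(pat):]
    if not rest:
        return True
    # Per the thread, a host-only entry (or one ending in "/") covers
    # everything to its right; an entry with a path must match in full.
    open_ended = "/" not in entry or entry.endswith("/")
    return open_ended and (pat[-1] == "/" or rest[0] == "/")

def first_match(entries, url):
    """Return the first entry that matches url, or None if nothing matches."""
    return next((e for e in entries if entry_matches(e, url)), None)

# Entries taken from the thread; the request URLs below are constructed samples.
OWA_PATHS = ["site.domain.com/oma", "site.domain.com/oma/*",
             "site.domain.com/favicon.ico"]

if __name__ == "__main__":
    checks = [
        (["*.sourceforge.net"], "http://sourceforge.net"),
        (["*.sourceforge.net", "sourceforge.net"], "http://sourceforge.net"),
        (["*.website.net"], "http://a.b.website.net"),
        (OWA_PATHS, "https://site.domain.com/somethingrandom"),
        (["site.domain.com"] + OWA_PATHS, "https://site.domain.com/somethingrandom"),
    ]
    for entries, url in checks:
        print(f"{url:45} -> {first_match(entries, url) or 'no match'}")
```

Running a planned allow list through a model like this before committing it shows which entry actually admits a request, which is how the bare `site.domain.com` entry is seen to override the path restrictions.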
