want to block IP address.

Reply
Jafar_Hussain
L4 Transporter

want to block IP address.

Dears,

I have one internal working website. i want to allow the website by the URL and want to block by the IP address.

Example:- website name -       https://example.com

                  ip address -                 192.168.1.50

If any user browse this website https:// example.com should be open and if the user browse this https://192.168.1.50 should not be open.

For this i have created a 2 URL category:-

1- ACCESS URL- *.example.com

2 - BLOCK IP -  *.192.168.1.50

 

Then I have created a policy scenerio1:-

source zone - TRUST-ZONE

source user - ANY

Destination zone - server zone

destination address - 192.168.1.50

application - ssl

service - application default

service/url category - ANY

Action - Allow

URL Filtering profile :- Allow the "ACCESS URL" category and block the "BLOCK-IP" category.

 

after this configuration i have checked but not able to block the website by IP address.

 

Scenario 2  for the security policy:-

 

source zone - TRUST-ZONE

source user - ANY

Destination zone - server zone

destination address - ANY

application - ANY

service - ANY

service/url category - ACCESS URL

Action - Allow

URL Filtering profile :- block the "BLOCK-IP" category.

 

But still i am able to access website by the IP address.

PAN-OS- 9.1.2

 

Can any help me to block this?

Thanks

JoergSchuetter
L4 Transporter

Hello @Jafar_Hussain 

Not sure if this only a copy-paste issue. The BLOCK IP URL starts with "*.". The objects do not hold the scheme (http, https, ...). So the URL should simply be "192.168.1.50/"

Jafar_Hussain
L4 Transporter

@JoergSchuetter 

BLOCK IP URL category is - https://192.168.1.50/content

 

you mean in the BLOCK IP category i need to only configure - 192.168.1.50/content instead of *.192.168.1.50/content ?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!