02-06-2024 05:36 AM
Hi
Platform: PA-440
SW Version: 10.1.8
I created policy and I enabled Actions/Profile settings/URL Filter with customized one, it locks adult content.
1st attempt
website like chaturbate.com doesn't lock, in Monitor/URL filter appear blocked but I can browse the web site.
2nd attempt
I create an URL filter category with specific web site and it happens the same thing.
Why does it work so strange?
#PA440
Thank you
02-06-2024 06:06 AM
Out of curiosity, do you alert on all other url categories? What does your custom url category look like? Do you use a wildcard at some point or just the specific url?
The first thing that comes to mind with the actual url category is its not hearing back quick enough on the first time its seeing this. What happens if you lower the category lookup timeout?
02-06-2024 06:31 AM
Out of curiosity, do you alert on all other url categories? No, logs appear when web site is blocked. What does your custom url category look like? Lock adult category and I added specific URL Do you use a wildcard at some point or just the specific url? Specific URL.
But as you can see the log, web site is blocked but I can browse it nevertheless.
Category lookup timeout (sec) =2
And hold client request for category lookup is checked
02-06-2024 06:47 AM - edited 02-06-2024 06:49 AM
If you also add *.url.com/ to the custom list does it then block as intended? The custom url category may not be blocking all that it needs to. Granted that wouldn't explain why the predefined category isnt blocking it.
If you go into the cli of the firewall and run "test url URL" does the output categorize correctly? Could try clearing the url cache as well: How to clear URL cache in management and data plane? - Knowledge Base - Palo Alto Networks
02-06-2024 07:28 AM
If I try via cli to check the url it appears as adult category but it works again.
In my custom category I tried to add other web site: *.acmilan.com and it locks both http and https.
In https blocked web site doesn't appear custom web page, but it is other topic.
02-06-2024 07:30 AM
Without decrypting the traffic the custom web pages are a lot less reliable. But here is a document you could follow: How to Serve a URL Response Page Over an HTTPS Session Without ... - Knowledge Base - Palo Alto Netw...
02-06-2024 07:32 AM
This evening we will try to update version.
02-06-2024 11:56 PM
I updated to release 11.1.0 and it doesn't work nevertheless.
Last way is Dynamic Updates
02-08-2024 08:52 AM
Do you see it in the traffic as tcp 443?
It could be udp QUIC traffic. Block QUIC and see if that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
