Security Profile/ URL Filter enable but web site bypass blocking

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Security Profile/ URL Filter enable but web site bypass blocking

L1 Bithead

Hi

Platform: PA-440

SW Version: 10.1.8

I created policy and I enabled Actions/Profile settings/URL Filter with customized one, it locks adult content.

1st attempt

website like chaturbate.com doesn't lock, in Monitor/URL filter appear blocked but I can browse the web site.

 

2nd attempt

I create an URL filter category with specific web site and it happens the same thing.

 

Why does it work so strange?

#PA440

Thank you

8 REPLIES 8

Cyber Elite
Cyber Elite

Out of curiosity, do you alert on all other url categories? What does your custom url category look like? Do you use a wildcard at some point or just the specific url?

 

The first thing that comes to mind with the actual url category is its not hearing back quick enough on the first time its seeing this. What happens if you lower the category lookup timeout? 

Claw4609_0-1707228393878.png

 

Out of curiosity, do you alert on all other url categories? No, logs appear when web site is blocked. What does your custom url category look like? Lock adult category and I added specific URL Do you use a wildcard at some point or just the specific url? Specific URL.

But as you can see the log, web site is blocked but I can browse it nevertheless.

 

Category lookup timeout (sec) =2

And hold client request for category lookup is checked

If you also add *.url.com/ to the custom list does it then block as intended? The custom url category may not be blocking all that it needs to. Granted that wouldn't explain why the predefined category isnt blocking it.

 

If you go into the cli of the firewall and run "test url URL" does the output categorize correctly? Could try clearing the url cache as well: How to clear URL cache in management and data plane? - Knowledge Base - Palo Alto Networks

If I try via cli to check the url it appears as adult category but it works again.

In my custom category I tried to add other web site: *.acmilan.com and it locks both http and https.

In https blocked web site doesn't appear custom web page, but it is other topic.

Without decrypting the traffic the custom web pages are a lot less reliable. But here is a document you could follow: How to Serve a URL Response Page Over an HTTPS Session Without ... - Knowledge Base - Palo Alto Netw...

This evening we will try to update version.

I updated to release 11.1.0 and it doesn't work nevertheless.

Last way is Dynamic Updates

Do you see it in the traffic as tcp 443?

It could be udp QUIC traffic. Block QUIC and see if that helps.

-wherever you go, there you are-
  • 1568 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!