07-01-2013 08:27 PM
Hi all,
How can the Palo Alto control the age-old URL filtering bypass of typing in the IP address of a site, rather than the hostname?
As an example, some of our students last week did:
1. www.minecraft.net via web browser is blocked (category: games)
2. do an nslookup or dig for www.minecraft.net
3. type IP address into browser and then get through
When Palo Alto saw this, the IP address was in URL Filtering category 'unknown'. Disabling unknown would cause too many false positives with lots of different sites.
Now in some cases, the IP address does resolve to a particular category and this isn't a problem. It's only when it comes back as 'unknown' that we have an issue.
Does anyone have a solution to this? Is it possible to block access to any IP address URL, unless it is in a valid URL category?
Edit: oh yes, we're on PA-4050s, 5.0.2, using the PAN-DB URL Filtering module.
Thanks!
Tony Bigby
