About R.Boehm

R.Boehm · ‎08-07-2020

Thank you for your hint, I have configured decryption, and now it is worked as expected. But what is the reason for that difference? I thought, url is every time normaly text, and the URL-Filter compare exactly the called url? MfG Boehm

R.Boehm · ‎08-03-2020

No. Also I think, it is not relevant in this case. URL's are not encrypted. Normaly URL-Filter works for http- and https-traffic, independently of decryption. Or I am wrong?

R.Boehm · ‎07-31-2020

Hello everybody, I use url-list from urlhaus. If I test some entries, I got a problem with onedrive-urls like this: onedrive.live.com/download?cid=a75074ec168603e4&resid=a75074ec168603e4%21108&authkey=apnjueurszwr7fi This url should be blocked by urlfilter on the firewall. But it was not blocked. I can download the file. Also I can not see any entries in url-filter-log. Thanks for any help or hints. R. Boehm

R.Boehm · ‎07-30-2020

Hello, I try to use the url-haus-list via https://urlhaus.abuse.ch/downloads/csv/. I got a zip-file. How can I use it with minemeld? Thanks for every answer

R.Boehm · ‎12-06-2016

Hello santonic, I have done this, no changes. "dynamic-dns" is the right category. If I block these category by URL-filtering, requests are blocked, I see this action also in the log "URL Filtering", but as category was "computer-and-internet-security" displayed. If try a search with filter "( category eq dynamic-dns )" nothing appears. Thanks for your efforts MfG Ralf

R.Boehm · ‎12-06-2016

Hello, I have test a site for blocking via url-category. If I test the url via cli "test url cams.dnsalias.com" I got the category "dynamic-dns". But in the url-log I see "computer-and-internet-security" What's wrong? MfG Ralf

R.Boehm · ‎07-29-2016

Hi Luigi, great (and very fast answer 😉 ) I have really search befor I ask this questions. 😉 Ok. Now it's works, and I will have a nice weekend. 🙂 Thank you very mutch. Is there a list of options, which can used for fromatting the lists? Ralf

R.Boehm · ‎07-29-2016

Hello, I am very happy, that I can create dynamical lists for using it in the PA. So I use ransomwaretracker.RW_URLBL with stdlib-aggregatorURL as prozessor and stdlib.feedHCGreen as output to create a URL-list. So I got a list like: ... http://217.64.197.138/~rivista_ipi/4kkmkfz http://237travellin.com/92nwao23 http://237travellin.com/telo70 ... I have tested it as described in: https://live.paloaltonetworks.com/t5/PAN-OS-7-1-Videos/PAN-OS-7-1-URL-Filtering-Dynamic-Block-List-External-Block-List/ta-p/74098 But it does not work. It's works only, if the entries in the list not have a leading "http://". It's ok, the sites can also have https, and for checking a URL, it is not important. What's wrong? Have I make a mistake? Or is this a issue (Minemeld or PaloAlto?)? Thanks for your efforts

R.Boehm · ‎07-29-2016

Hello Imori, thank you for answer. Befor my next question I will do a search. 😉 Yes, I think it is not bad to have users with Read-Write- or Read-Only-access, somebody can configure, somebody only view. But you have this already on the roadmap. So I will waiting. 🙂

R.Boehm · ‎07-28-2016

Hello, at first, thank you for that great tool, especially for the gui. I will change the password for admin. How can I do this? With htpasswd? And, is it possible to add users with different privilegs? Thank you for your efforts.

R.Boehm · ‎07-28-2016

Thank you for your explantion. Now I know, for what I can use it. 🙂

R.Boehm · ‎07-27-2016

Hello, does use anybody the logs from a plaoalto-fw in minemeld? And what was the reason for to do this on this way? Thanx for your answers. 🙂

R.Boehm · ‎10-14-2013

Hello everybody, we have the following problem. We must allow dhcp-requests from outside to our dhcp-server. I will allow only those requests, that's contain a specific ip-address of a dhcp-relay and a specific mac-address of the dhcp-client. I have capture the packet, and so I know the hex-data contains in the packet. I defined a custom app-id with parent-app dhcp, and defined a signature contains the specific hex-data (unknown-request-udp-payload, patterm-match, pattern: .*(\x96cbefc8e8039aa99e71\x) ). Also I defined a destination-port (udp/67). But that doesn't work. The custom app-id only match, when I defined also a application-override-rule. And it also match, when I changed the signature.:-( But I will not only override the application. I will use this custom app-id for allowing specific traffic. What's wrong? Is it possible? Thanks for any help.

Member Since	‎01-03-2013 11:40 PM
Date Last Visited	‎04-29-2022 05:04 AM
Posts	18

Online Status	Offline
Date Last Visited	‎04-29-2022 05:04 AM

About R.Boehm

Re: Problem URL-Filter onedrive urls

Re: Problem URL-Filter onedrive urls

Problem URL-Filter onedrive urls

Using URL-Haus csv file

Re: URL category shown in URL-Log is not equal as shown by command "test url ..."

Re: Problem using URL-filterlists for PA

Re: Problem using URL-filterlists for PA

Re: user for web-gui

Re: Problem URL-Filter onedrive urls

Re: Problem URL-Filter onedrive urls

Problem URL-Filter onedrive urls

Using URL-Haus csv file

Re: URL category shown in URL-Log is not equal as shown by command "test url ..."

URL category shown in URL-Log is not equal as shown by command "test url ..."

Re: Problem using URL-filterlists for PA

Problem using URL-filterlists for PA

Re: user for web-gui

user for web-gui

Re: Use anybody paloalto-logs in minemeld?

Use anybody paloalto-logs in minemeld?

Custom app signature not match

Network Security

Cloud Security

Security Operations

About R.Boehm