| | |
| paloaltonetworks:configuration:url_filtering [2020/08/12 07:32] – [Serve a URL Response Page Over an HTTPS Session Without SSL Decryption] bstafford | paloaltonetworks:configuration:url_filtering [2022/11/23 12:49] (current) – external edit 127.0.0.1 |
|---|
| ====== PAN-OS URL Filtering ====== | ====== PAN-OS URL Filtering ====== |
| ===== Multi-Category URL Filtering ===== | ===== Multi-Category URL Filtering ===== |
| | Remember, if you manually whitelist a site, any specific sub-pages that are normally classed as malware will be allowed through (even though the list of categories will mark it as cust-list, malware). |
| | |
| PAN-OS 9.0 introduced multi-category URL Filtering. | PAN-OS 9.0 introduced multi-category URL Filtering. |
| |
| <code>set deviceconfig setting ctd hold-client-request yes</code> | <code>set deviceconfig setting ctd hold-client-request yes</code> |
| <code>commit</code> | <code>commit</code> |
| | =====Allow Specific Pages on Domain===== |
| | Sometimes you want to block a domain but allow specific pages. Let's use YouTube as an example. |
| | If you have a custom profile 'whitelist' and a custom profile 'blacklist' and they both contain '*.youtube.com', you will find that block takes prescendence over allow/alert. If you put 'www.youtube.com/watch?v=4lm75v4Ndlg' into the whitelist, you will find the block list still take prescendence over it. |
| | |
| | To allow the traffic, you need to create a rule that uses 'whitelist' in the match criteria of the rule and then just 'alerts' (or, at least, doesn't block the blacklist). |
| | |
| =====Enable Specific YouTube Videos Only===== | =====Enable Specific YouTube Videos Only===== |
| See [[https://live.paloaltonetworks.com/t5/minemeld-articles/minemeld-to-filter-youtube-videos/ta-p/164928|this link]]. | See [[https://live.paloaltonetworks.com/t5/minemeld-articles/minemeld-to-filter-youtube-videos/ta-p/164928|this link]]. |
| =====Test URL Filtering===== | =====Test URL Filtering===== |
| |
| ^ Category ^ Test over HTTP ^ Test over HTTPS^ | Another [[https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaDCAS|test page]]. |
| | |
| | ^ Category ^ Test over HTTP ^ Test over HTTPS ^ |
| | |low-risk|[[http://urlfiltering.paloaltonetworks.com/test-low-risk|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-low-risk|Test Over SSL]]| |
| | |medium-risk|[[http://urlfiltering.paloaltonetworks.com/test-medium-risk|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-medium-risk|Test Over SSL]]| |
| | |high-risk|[[http://urlfiltering.paloaltonetworks.com/test-high-risk|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-high-risk|Test Over SSL]]| |
| |abortion|[[http://urlfiltering.paloaltonetworks.com/test-abortion|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-abortion|Test Over SSL]]| | |abortion|[[http://urlfiltering.paloaltonetworks.com/test-abortion|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-abortion|Test Over SSL]]| |
| |abused-drugs|[[http://urlfiltering.paloaltonetworks.com/test-abused-drugs|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-abused-drugs|Test Over SSL]]| | |abused-drugs|[[http://urlfiltering.paloaltonetworks.com/test-abused-drugs|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-abused-drugs|Test Over SSL]]| |
| |proxy-avoidance-and-anonymizers|[[http://urlfiltering.paloaltonetworks.com/test-proxy-avoidance-and-anonymizers|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-proxy-avoidance-and-anonymizers|Test Over SSL]]| | |proxy-avoidance-and-anonymizers|[[http://urlfiltering.paloaltonetworks.com/test-proxy-avoidance-and-anonymizers|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-proxy-avoidance-and-anonymizers|Test Over SSL]]| |
| |questionable|[[http://urlfiltering.paloaltonetworks.com/test-questionable|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-questionable|Test Over SSL]]| | |questionable|[[http://urlfiltering.paloaltonetworks.com/test-questionable|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-questionable|Test Over SSL]]| |
| | |ransomware|[[http://urlfiltering.paloaltonetworks.com/test-ransomware|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-ransomware|Test Over SSL]]| |
| |real-estate|[[http://urlfiltering.paloaltonetworks.com/test-real-estate|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-real-estate|Test Over SSL]]| | |real-estate|[[http://urlfiltering.paloaltonetworks.com/test-real-estate|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-real-estate|Test Over SSL]]| |
| |recreation-and-hobbies|[[http://urlfiltering.paloaltonetworks.com/test-recreation-and-hobbies|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-recreation-and-hobbies|Test Over SSL]]| | |recreation-and-hobbies|[[http://urlfiltering.paloaltonetworks.com/test-recreation-and-hobbies|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-recreation-and-hobbies|Test Over SSL]]| |
| |web-based-email|[[http://urlfiltering.paloaltonetworks.com/test-web-based-email|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-web-based-email|Test Over SSL]]| | |web-based-email|[[http://urlfiltering.paloaltonetworks.com/test-web-based-email|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-web-based-email|Test Over SSL]]| |
| |web-hosting|[[http://urlfiltering.paloaltonetworks.com/test-web-hosting|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-web-hosting|Test Over SSL]]| | |web-hosting|[[http://urlfiltering.paloaltonetworks.com/test-web-hosting|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-web-hosting|Test Over SSL]]| |
| | |test-real-time-detection-command-and-control|[[http://urlfiltering.paloaltonetworks.com/test-real-time-detection-command-and-control|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-real-time-detection-command-and-control|Test Over SSL]]| |
| | |test-real-time-detection-malware|[[http://urlfiltering.paloaltonetworks.com/test-real-time-detection-malware|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-real-time-detection-malware|Test Over SSL]]| |
| | |test-real-time-detection-phishing|[[http://urlfiltering.paloaltonetworks.com/test-real-time-detection-phishing|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-real-time-detection-phishing|Test Over SSL]]| |
| | |test-real-time-detection-grayware|[[http://urlfiltering.paloaltonetworks.com/test-real-time-detection-grayware|Test Unencrypted]]|[[https://urlfiltering.paloaltonetworks.com/test-real-time-detection-grayware|Test Over SSL]]| |
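
Review bot: The added whitelist caveat in the Multi-Category URL Filtering section sits above the sentence "PAN-OS 9.0 introduced multi-category URL Filtering.", so the reader meets the warning before the feature it qualifies; move it below that sentence. The parenthetical also uses "cust-list" without saying what it refers to, and the note stops at the risk (malware sub-pages being allowed through) without saying what to do about it. Define the term and point to the "Allow Specific Pages on Domain" section added in this same revision as the narrower alternative to whitelisting a whole site.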
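
Review bot: In the new "Allow Specific Pages on Domain" section, "prescendence" is misspelled in both places (should be "precedence"), "the block list still take" should read "still takes", and the text switches between 'blacklist' and "block list" for the same object. The final sentence is the actual instruction and is the least clear part: "then just 'alerts' (or, at least, doesn't block the blacklist)" does not say which action applies to 'whitelist' and which to 'blacklist' in that rule, nor where the rule must sit relative to the one that blocks '*.youtube.com'. State both explicitly, since a reader who gets the order or action wrong ends up either still blocked or allowing the whole domain.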
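
Review bot: The four rows added at the end of the test table put the URL path segment (for example "test-real-time-detection-malware") in the Category column, while every other row, including the added "low-risk" and "ransomware" rows, uses the bare category name. Drop the "test-" prefix or otherwise label these rows so the column stays consistent and nobody reads the slug as a category name. The added "Another test page" link above the table also gives no hint of what that page tests or how it differs from the links in the table; give it descriptive link text.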