Search engines can be very helpful, but also a major security risk.
Employees or students can use Google, Yahoo, or Bing to research ways to bypass firewalls.
Risk can be mitigated by using URL filtering to restrict certain words from a search.
Details
Wildcards (required for URL filtering) can only precede and follow a special character, for example, */ or /*
Most search engines use the same format for their search result
The search request is displayed in plain text in the HTTP GET request in the following format "q=proxy+servers&"
There is an implicit wildcard at the end of each line in a URL filtering policy (post PAN-OS versions 4.0.8)
Other Booleans aside from + and = may need to be accounted for in your 'Custom URL Category'
URL filtering determines URL using the HTTP Get request Note: SSL searches require decryption to be enabled. Otherwise, the URL cannot be determined by the Palo Alto Networks firewall.
Steps
Create a text file using Notepad.
Decide which search strings to filter.
PAN-OS 5.0, 6.0 example:
*/*=proxy
*/*=bypass+filter
*/*=myspace
*/*=facebook
*/*+proxy
*/*+bypass+filter
*/*+myspace
*/*+facebook
Note: */*+[term] is included in the example, because */*=[term] causes a hit on only the URL filter line if it's the first word in the search string.
PAN-OS 4.1 example:
*=proxy
*=bypass+filter
*=myspace
*=facebook
*+proxy
*+bypass+filter
*+myspace
*+facebook
Note: *+[term] is included in the example, because *=[term] will only causes a hit on only the URL filter line if it's the first word in the search string.
Save the text file.
Go to Objects.
Click Custom URL Category.
Use the following steps to import your category from the text file:
Click Import.
Browse to the location of your text file.
Click OK.
The contents of your text file display line-by-line in the custom URL category.
Create an action for your new Custom URL Category in a URL filtering profile.
Ensure that the profile is attached to a security policy.
Alternatively, you can create a Deny policy that references your custom URL category.