Palo Alto Networks Knowledgebase: How to Filter Certain Search Strings using URL Filtering

How to Filter Certain Search Strings using URL Filtering

16326
Created On 09/25/18 17:39 PM - Last Updated 08/05/19 20:11 PM
URL Filtering
Resolution

Overview

  • Search engines can be very helpful, but also a major security risk.
  • Employees or students can use Google, Yahoo, or Bing to research ways to bypass firewalls.
  • Risk can be mitigated by using URL filtering to restrict certain words from a search.

 

Details

  • Wildcards (required for URL filtering) can only precede and follow a special character, for example, */ or /*
  • Most search engines use the same format for their search result
  • The search request is displayed in plain text in the HTTP GET request in the following format "q=proxy+servers&"
  • There is an implicit wildcard at the end of each line in a URL filtering policy (post PAN-OS versions 4.0.8)
  • Other Booleans aside from + and = may need to be accounted for in your 'Custom URL Category'
  • URL filtering determines URL using the HTTP Get request
    Note: SSL searches require decryption to be enabled. Otherwise, the URL cannot be determined by the Palo Alto Networks firewall.

 

Steps

  1. Create a text file using Notepad.
  2. Decide which search strings to filter.

PAN-OS 5.0, 6.0 example:

    • */*=proxy
    • */*=bypass+filter
    • */*=myspace
    • */*=facebook
    • */*+proxy
    • */*+bypass+filter
    • */*+myspace
    • */*+facebook

Note:  */*+[term] is included in the example, because */*=[term] causes a hit on only the URL filter line if it's the first word in the search string.

PAN-OS 4.1 example:

    • *=proxy
    • *=bypass+filter
    • *=myspace
    • *=facebook
    • *+proxy
    • *+bypass+filter
    • *+myspace
    • *+facebook

Note: *+[term] is included in the example, because *=[term] will only causes a hit on only the URL filter line if it's the first word in the search string.

  1. Save the text file.
  2. Go to Objects.
  3. Click Custom URL Category.
  4. Use the following steps to import your category from the text file:
    • Click Import.
    • Browse to the location of your text file.
    • Click OK.
    • The contents of your text file display line-by-line in the custom URL category.
      custom.url.category.JPG
  5. Create an action for your new Custom URL Category in a URL filtering profile.
    url.filtering.profile.JPG
  6. Ensure that the profile is attached to a security policy.
    apply.url.profile.JPG
    Alternatively, you can create a Deny policy that references your custom URL category.
    Policy.PNG
  7. Test the configuration.
    configuration.test.JPG

 

owner: kgotlob



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHhCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language