Palo Alto Networks Knowledgebase: URL Block Page (Response Page) Appears When Custom URL is Used

URL Block Page (Response Page) Appears When Custom URL is Used

4048
Created On 02/07/19 23:46 PM - Last Updated 02/07/19 23:46 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

Symptom

If a custom URL is used in any of the policy, and traffic does not match the custom URL policy, it hits any deny rule. The user will receive a URL Block Page (Response Page), even though the deny rule has no URL filtering profile. The Palo Alto Networks firewall generates only the traffic log with no URL filtering log. There are no URL filtering logs with the URL Block Page, while using the custom URL.

 

Cause

The traffic appears as normal traffic logs. For the screenshot example below, see the following rule functions:

  • The first rule allows DNS Traffic
  • The second rule allows custom URL "google-custom-url", which contains *.google.com. It is used to match any site which has google.com in it.
  • The third rule is simple, deny any without URL filtering profile.

If a user tries to access facebook.com, which does not meet the first rule, it does not match the second rule, which allows sites containing the google.com word in the URL. Now it matches the third rule, deny any rule. The user is prompted the block page, even though the deny rule is not configured with any URL filtering profile.

Custom_URL.png

 

owner: hshah



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClqYCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language