Palo Alto Networks Knowledgebase: URL Block Page (Response Page) Appears When Custom URL is Used

URL Block Page (Response Page) Appears When Custom URL is Used

Created On 02/07/19 23:46 PM - Last Updated 02/07/19 23:46 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection


If a custom URL is used in any of the policy, and traffic does not match the custom URL policy, it hits any deny rule. The user will receive a URL Block Page (Response Page), even though the deny rule has no URL filtering profile. The Palo Alto Networks firewall generates only the traffic log with no URL filtering log. There are no URL filtering logs with the URL Block Page, while using the custom URL.



The traffic appears as normal traffic logs. For the screenshot example below, see the following rule functions:

  • The first rule allows DNS Traffic
  • The second rule allows custom URL "google-custom-url", which contains * It is used to match any site which has in it.
  • The third rule is simple, deny any without URL filtering profile.

If a user tries to access, which does not meet the first rule, it does not match the second rule, which allows sites containing the word in the URL. Now it matches the third rule, deny any rule. The user is prompted the block page, even though the deny rule is not configured with any URL filtering profile.



owner: hshah

  • Print
  • Copy Link

Choose Language