URL Filtering Order

URL Filtering Order

43610
Created On 09/26/18 13:50 PM - Last Modified 03/30/21 23:51 PM


Symptom
What happens when a  URL matches multiple patterns (multiple custom URL filtering categories and allow/block-list) within a URL filtering profile?

Environment
  • Palo Alto Firewall.
  • Any PAN-OS.
  • URL Filtering.


Resolution

When a URL matches multiple categories, the category chosen is the one that has the most severe action defined below (block being most severe and allow least severe).

  1. block
  2. override
  3. continue
  4. alert
  5. allow

For example, if *.yahoo.com exists in MyAlertList and MyBlockList simultaneously) within the same URL filtering profile and www.yahoo.com is the URL, the action will be “block” and the category name will be “MyBlockList”.  This is similar to the original behavior between “allow-list” and “block-list” in that the block-list will be checked BEFORE the allow-list if a URL matches both “allow-list” and “block-list”.

The priority for URL filtering is:

  1. block list
  2. allow list
  3. custom categories
  4. cached
  5. pre-defined categories

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClsmCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language