URL Filter Log Not Generated by Custom URL Category for CSV File

URL Filter Log Not Generated by Custom URL Category for CSV File

Created On 09/26/18 13:52 PM - Last Updated 02/07/19 23:39 PM



A custom URL category for CSV files is entered into a URL filtering profile for the purposes of monitoring the downloading of a CSV file from a server. However, when the CSV file is accessed and downloaded, a URL filtering log entry is not generated.



The following screenshot displays an example of custom URL category for a CSV file:

Screen Shot 2013-02-25 at 10.37.54 AM.png


The custom URL category is entered into a URL Filtering Profile:

Screen Shot 2013-02-25 at 10.40.28 AM.png


The session information from the Palo Alto Networks firewall indicate that the custom URL category has been detected:

> show session all


ID      Application    State Type Flag  Src[Sport]/Zone/Proto

Vsys Dst[Dport]/Zone


2 web-browsing  ACTIVE  FLOW[4001]/TapZone/6



> show session id 2

Session 2

        c2s flow:

          source: [TapZone]


          proto:      6

          sport:      4001            dport:      80

          state:      ACTIVE          type:      FLOW


        s2c flow:

          source: [TapZone]


          proto:      6

          sport:      80              dport:      4001

          state:      ACTIVE          type:      FLOW


      start time                    : Fri Nov 30 06:47:06 2012

        timeout                      : 30 sec

        time to live                  : 21 sec

        total byte count(c2s)        : 4038

        total byte count(s2c)        : 45020

        layer7 packet count(c2s)      : 23

        layer7 packet count(s2c)      : 34

        vsys                          : vsys1

      application                  : web-browsing

        rule                          : URL Filtering    <- URL Filtering rule triggered

        session to be logged at end  : True

        session in session ager      : True

        session synced from HA peer  : False

        layer7 processing            : enabled

        URL filtering enabled        : True

        URL category                 : CSV                       <- Custom URL category

        ingress interface            : ethernet1/3

        egress interface             : ethernet1/3



Check the "Content-Type" of http response header from the web server.


HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

expires: 0

Content-Disposition: attachment;filename="download_test_file.csv"

Content-Type: text/csv                 <- Note that the value for content-type is: text/csv

Pragma: no-cache

Cache-control: max-age=0

Connection: close

Transfer-Encoding: chunked


To resolve the issue, add the text/csv content-type to the Container Pages on the Palo Alto Networks firewall:

  1. Navigate to the Device > Setup > Content-ID page
  2. Click Container Pages
  3. Click Add and add an entry for text/csv
    Screen Shot 2013-02-25 at 9.42.22 AM.png

owner: kkondo

  • Print
  • Copy Link


Choose Language