How to block user from accessing to amazon.com and allow kindle

How to block user from accessing to amazon.com and allow kindle

3165
Created On 03/31/20 16:24 PM - Last Modified 05/09/24 21:31 PM


Objective


  • PANOS can block Amazon web page (www.amazon.com) and allow access to kindle App for downloading books.
  • If SSL decryption is used. Firewall will block web-browsing application and user will see warning: "Web Page Blocked."
  • If SSL decryption is not used. Firewall will block SSL application and user will see error: "This site can't be reached."

Environment


  • Palo Alto NGFW firewalls
  • Supported PAN-OS
  • URL Filtering
  • Kindle App

Procedure


  1. Under  GUI: Object > Custom Objects > URL Category, create a URL category with type: URL, site: "www.amazon.com". Make sure to add "www."
User-added image
 
  1. Under GUI:Policies > Security, create a security policy to deny applications: "quic","ssl", "web-browing" and deny service: "service-http" and "service-https"
User-added image
 
  1. Under Service/URL Category, add the URL-Category created in step1.
User-added image
  1. Click "OK" and "Commit the configuration.

Additional Information


Verification:
  • This is an example when SSL decryption is used. Amazon is blocked, but kindle services are seen.
  • Monitor logs and browser display the web service www.amazon.com being blocked.
 
User-added image User-added image User-added image
  • This is an example when SSL decryption is  not used. 
  • Browser displays the website cannot be reached
User-added image User-added image User-added image
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPMtCAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail