Staff

Technical Note : filtering URLs containing special characters - Punycode encoding - International Domain Name - UTF8

Forum|Forum|16 years ago
January 29, 2010
0 replies
3293 views

Description
Some URLs

defined in an International Domain Name (IDN*) format contain special characters such as : ñ , ü , ă , ù , á, î , ö , ý ...

Example : www.mýdömáînnáme.com

IDNs are converted into an ASCII encoding (named PunyCode) by applications such as Web browsers or nslookup. The Punycode domain name is then sent over the network (DNS query, HTTP GET query, ...).

To perform Web URL filtering for such URLs, the FortiGate must be configured with the

Punycode domain name conversation.

(*) International domain name (IDN) is covered in the following RFCs : RFC3490, RFC3491, RFC3492 and RFC3454.

Solution
Some tools are available on Internet to convert IDN into ACE Punycode.

For example, the Punycode for www.mýdömáînnáme.com is www.xn--mdmnnme-jwac1kqdzd.com

This is a CLI configuration to perform Web URL filtering on www.mýdömáînnáme.com :

config webfilter urlfilter
    edit 1
        set comment "PunyCode Filter"
            config entries
                edit "www.xn--mdmnnme-jwac1kqdzd.com"
                    set action block
                next
            end
        set name "myURLFilter"
    next
end

FortiGate

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded