Skip to main content
Dhruvin_patel
Staff
Dhruvin_patel
Staff
October 8, 2024

Technical Tip: Allow all website using static url filter without using Fortiguard category based filter

  • October 8, 2024
  • 0 replies
  • 1982 views
Description

This article describes how to allow all websites using a static URL filter when the option FortiGuard category-based filter is disabled.

 

kb-url.PNG
Scope FortiGate.
Solution
  1. Enable the URL filter option under the Static URL filter.
  2. Select 'Create New' to create a new entry in the URL filter.
  3. Select 'Wildcard'.
  4. Set Action 'Allow' with Status Enable.
  5. In the URL field, keep *, which means it will allow anything.

 

kb-url2.PNG

 

The profile has been configured in policy, and all the traffic will be allowed. To block certain websites, create the URL filter entry above the allow rule.


In this example, create the entry to block website 123.net and later drag the entry above the first entry.

 

kb-url3.PNG

 

CLI reference:

 

config webfilter urlfilter
    edit 1
        set name "Auto-webfilter-urlfilter_xaoaep1xc"
            config entries
                edit 1
                    set url "123.net/*"
                    set type wildcard
                    set action block
                next
                edit 2
                    set url "*"
                    set type wildcard
                    set action allow
                next
            end
        next

end

config webfilter profile
    edit "default"
        set comment "Default web filtering."
        set feature-set proxy
            config web
                set urlfilter-table 1
                set safe-search url header
            end

 

Additionally, check the forward logs or web filter security event to verify if the website is being blocked:

 

date=2024-10-07 time=19:40:13 eventtime=1728348013086626754 tz="-0500" logid="0315012544" type="utm" subtype="webfilter" eventtype="urlfilter" level="warning" vd="root" urlfilteridx=2 urlfilterlist="Auto-webfilter-urlfilter_7yt7kaqvq" policyid=1 poluuid="68f35182-c282-51ed-aaa2-77125bd2803c" policytype="policy" sessionid=848250 srcip=172.16.254.200 srcport=63908 srccountry="Reserved" srcintf="Test" srcintfrole="lan" srcuuid="xxxxx" dstip=216.109.194.6 dstport=443 dstcountry="United States" dstintf="wan1" dstintfrole="undefined" dstuuid="xxxxx" proto=6 service="HTTPS" hostname="www.123.net" profile="default" action="blocked" reqtype="direct" url="https://www.123.net/" sentbyte=649 rcvdbyte=0 direction="outgoing" urlsource="Local URLfilter Block" msg="URL was blocked because it is in the URL filter list" crscore=30 craction=8 crlevel="high"

 

The above log indicates the website is getting blocked due to static URL entry 2 (urlfilteridx=2).

image2.PNG

 

Related documents:

Static URL filter

Technical Tip: Use static URL filtering without FortiGuard Web Filter license

Technical Tip: Allow certain websites using static URL filter and block all other websites without using FortiGuard category-based filter
    Terms & ConditionsAccessibility statement