Technical Tip: How to block/allow a subdomain on a URL filter
Description
This article describes an example of how to block/allow a sub-domain on a URL filter.
Scope
FortiGate.
Solution
Web Based Manager (GUI) configuration example to allow sub-domain.com
Step 1:
To block/allow subdomains like xyz.abc.org.net, use a URL filter with the following expression:
*abc*.net
To block domains ending with abc.net and any subdirectories (e.g., abc.net/path) while allowing domains like abc.net.com, use a URL filter with following expression
\.net(/|$)
Step 2: To create a web profile static URL filter:
Under Security Profiles -> Web Filter -> Select a Web Filter profile to edit.
Under the Static URL Filter, enable the URL Filter toggle and select Create New.
Enable HTTP and/or HTTPs Web URL Filter, and in the option field, choose the URL list created above. Select the Action to take against matching URLs: Exempt, Block, Allow, or Monitor. If required, enable the Logging option to log the browsed sites.
Step 3: After having created the Web Profile, create the Firewall Policy and select the 'Enable Web Filter' option under UTM, choosing the Web Profile that was created earlier.
Related articles: