Skip to main content
Laniver
Laniver
New Member
January 12, 2025
Question

Fortigate firewall static URL not exempting URLs from web filter

  • January 12, 2025
  • 4 replies
  • 3178 views

The firewall is running version 7.2.10.

I have a set of rules which has web filters, IPS and DNS filters enabled.

 

The web filter is set to warning for unrated websites. I have set several static URL filters to exempt certain URLs from web filtering, but it is apparently still being blocked by web filtering.

 

How do I ensure the static URL filters work for exempting URLs from web filtering?

    4 replies

    dingjerry_FTNT
    Staff
    dingjerry_FTNT
    Staff
    January 12, 2025

    Hi @Laniver ,

     

    When you say "but it is apparently still being blocked by web filtering", did you mean it is blocked by the FortiGuard Category?

     

    Anyway, can you share your URL Filter configuration for the URLs in this issue?

      kaman
      Staff
      kaman
      Staff
      January 12, 2025

      Hi Laniver,

      When apparently blocked by web filtering so at time if you encounter a FortiGuard Deny Page due to web filtering, please provide a screenshot of the page.

      Additionally, navigate to Log & Report -> Security Events -> Web Filter in your system and review the logs details on whether the website was blocked or bypassed. Pay attention to the "Message" field in the logs as well.

      Note: To exempt a specific website, use the Wildcard type for the exemption.

      You can refer to the below document for Troubleshooting static URL filter by 'debug ips'

      https://community.fortinet.com/t5/FortiGate/Technical-Tip-Troubleshooting-static-URL-filter-by-debug-ips/ta-p/248171

      Regards,
      Aman

        Laniver
        LaniverAuthor
        New Member
        January 12, 2025

        Please see attached image when I set web filter to 'Warning' for unrated category.

        Laniver_1-1736693460218.png

        Hostname anw.cz.com
         
        I have set a wildcard static URL - http://anw.cz.com/*

         

         

        dingjerry_FTNT
        Staff
        dingjerry_FTNT
        Staff
        January 12, 2025

        Hi @Laniver ,

         

        The log message does not help us to identify why FortIGuard Category blocked it.

         

        Please provide your static URL Filter configuration about "anw.cz.com".

          Laniver
          LaniverAuthor
          New Member
          January 13, 2025

           

          Static URL filter configuration:

          Laniver_0-1736746335394.png

           

          dingjerry_FTNT
          Staff
          dingjerry_FTNT
          Staff
          January 13, 2025

          Hi @Laniver ,

           

          Please use the following for the URL field:

           

          *anw.cz.com*

            Laniver
            LaniverAuthor
            New Member
            January 29, 2025

            Thanks, but I noticed it does not work for all cases. 

            For instance, *anw.cz.com* does not match xc03.anw.cz.com.

             

             

            I have another matching issue which I am having trouble with.

            Domains to be matched:

            c1-ny-cvx.anw.cz.com

            c1-ny-mpm.anw.cz.com

            I created the following regular expression, but it does not match. Traffic to both domains still get denied by the web filter.

            c1-ny-(cvx|mpm)\.anw\.cz\.com

            Terms & ConditionsAccessibility statement