Description
This article provides an example of how to create a URL filter rule to 'Allow' or 'Exempt' a particular URL from a 'Blocked' Category in FortiGuard Web Filtering.
Using Regex - Regular Expression.
Scope
FortiGate.
Solution
Web-based Manager (GUI).
- Go to Security Profiles -> Web Filter -> Static URL Filter and enable URL Filter.
- Select 'Create New', or select an already available list.
- Select 'Create New', to create an entry for each of the following exempt rules.
URL= .*\.example\.com.*
Type= regex
Action =allow
URL= .*\.fortinet\.com.*
Type= regex
Action =exempt
Type= regex
Action =exempt
Comand Line Interface (CLI).
config webfilter profile
edit "URL_Filter"
config web
set urlfilter-table 1 <----- The ID as below.
end
edit "URL_Filter"
config web
set urlfilter-table 1 <----- The ID as below.
end
config webfilter urlfilter
edit 1 <---
set name "Static URL Filter - URL_Filter Web Filter Profile"
config entrie
edit 1
set url ".*\\.example\\.com.*" <----- Double escape character '\' , one of them is added automatically by FortiGate, for the same reason.
set type regex
set action allow
next
edit 2
set url ".*\\.fortinet\\.com.*"
set type regex
next
end
next
end
edit 1 <---
set name "Static URL Filter - URL_Filter Web Filter Profile"
config entrie
edit 1
set url ".*\\.example\\.com.*" <----- Double escape character '\' , one of them is added automatically by FortiGate, for the same reason.
set type regex
set action allow
next
edit 2
set url ".*\\.fortinet\\.com.*"
set type regex
next
end
next
end
Explanation regarding regex special characters use:
To match a special character such as '.' or ‘*’ use the escape character ‘\’. For example, to match fortinet.com the regular expression should be fortinet\.com.
In Perl regular expressions, ‘*’ means match 0 or more times of the character before it, not 0 or more times of any character. For example, forti*.com matches fortiiii.com but does not match fortinet.com.
To match any character 0 or more times, use ‘.*’ where ‘.’ means any character, and the ‘*’ means 0 or more times. For example, the wildcard match pattern forti*.com should therefore be forti.*\.com.
In Perl regular expressions, ‘*’ means match 0 or more times of the character before it, not 0 or more times of any character. For example, forti*.com matches fortiiii.com but does not match fortinet.com.
To match any character 0 or more times, use ‘.*’ where ‘.’ means any character, and the ‘*’ means 0 or more times. For example, the wildcard match pattern forti*.com should therefore be forti.*\.com.
