Description | This article explains how to exempt or block the top-level domain (TLD) names for websites using the URL filter feature. |
Scope | All FortiGate Firmware. |
Solution |
A top-level domain (TLD) is the highest level in the Domain Name System (DNS) hierarchy of the Internet. It is the part of a website's address located to the right of the dot (e.g., .com, .org, .net). TLDs play a crucial role in identifying the nature or purpose of a website's domain name and are an essential part of a URL (Uniform Resource Locator) used to access web pages.
This URL filter is configured to block or allow a specific top-level domain (TLD) for websites (e.g., .com, .org, .net). Because the filter entry is a regular expression (regex), every website using the configured TLD will be blocked or allowed.
Configuring a URL filter:
In the following example, a URL filter will be created to block the .net TLD using a regex.
Configuring a URL filter in the GUI
To create a URL filter for the .net TLD:
CLI:
The syntax in the CLI for configuring an entry is:
    config webfilter urlfilter
        edit 1                                  <----- URL filter table ID.
            set name "name"
            config entries
                edit 1
                    set url ".*\\.\\bnet\\b"
                    set type regex
                    set action block
                    set status enable           <----- The entry is only applied when its status is enable.
                next
            end
        next
    end
To attach the URL filter table to an existing or a new webfilter profile:
    config webfilter profile
        edit "Net Filter"                       <----- Name of the web filter profile.
            config web
                set urlfilter-table 1           <----- Where 1 is the URL filter table ID, this number can be found in 'config webfilter urlfilter': the URL filter created with the ID number.
            end
            config ftgd-wf
                unset options
            end
        next
    end
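The following is an added example, not part of the original article or Fortinet's own code: a Python check of what the regex above matches, useful before deploying it with a block or exempt action. It assumes the filter is compared against the hostname and path without the scheme, and that Python's `re` treats these constructs the same way as the FortiGate regex engine; the sample URLs and `ANCHORED_REGEX` are constructed for illustration.

```python
import re

# Regex from the article as the FortiGate stores it: the doubled backslashes
# typed in the CLI collapse to single ones.
PAGE_REGEX = r".*\.\bnet\b"

# Hypothetical tighter variant (assumption, not from the article): ".net" must be
# the last label of the hostname, optionally followed by a port, then "/" or end.
ANCHORED_REGEX = r"^[^/]*\.net(:\d+)?(/|$)"

# Constructed sample URLs in host/path form (assumed match target, no scheme).
SAMPLES = [
    "speedtest.net/",
    "www.example.net/index.html",
    "example.net:8443/login",
    "example.com/downloads/setup.net",   # ".net" only in the path
    "docs.net.example.org/",             # ".net" is a middle label, TLD is .org
    "example.network/",                  # \b stops "net" matching inside "network"
    "internet.example.com/",             # no literal dot before "net"
    "example.com/",
]


def matches(pattern, url):
    """True if the pattern matches anywhere in the URL string."""
    return re.search(pattern, url) is not None


def compare(samples=SAMPLES):
    """Return (url, page_regex_hit, anchored_regex_hit) for each sample."""
    return [(u, matches(PAGE_REGEX, u), matches(ANCHORED_REGEX, u)) for u in samples]


def over_matches(samples=SAMPLES):
    """URLs the article's regex hits although the hostname's TLD is not .net."""
    return [u for u, page, anchored in compare(samples) if page and not anchored]


if __name__ == "__main__":
    for url, page, anchored in compare():
        print(f"{url:35} page={page!s:5} anchored={anchored}")
    print("matched without a .net TLD:", over_matches())
```

URLs listed by `over_matches()` would be blocked, or exempted if the action were exempt, even though their TLD is not .net; verify any anchored variant on a test profile before relying on it.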
Verifying the URL filter results
Verify the URL filter results by going to a blocked website. For example, upon visiting the speedtest.net website, the replacement message appears:
To check web filter logs in the GUI: