Created on
08-12-2019
05:45 AM
Edited on
09-01-2023
05:11 AM
By
Nishtha_Baria
Description
This article explains how to exempt or block access to a website using the URL filter feature.
Scope
FortiGate.
Solution
There are three types of URLs that can be defined.
1) Simple: A simple URL filter entry could be a regular URL.
For example: www.fortinet.com
- URL: fortinet.com
- URL: fortinet.com/support
2) Wildcard: A wildcard can be used to include one or more URLs to a simple URL
For example:
- URL: *.fortinet.com (everything before ".fortinet.com" will match this rule, like support.fortinet.com)
- URL: www.fortinet.com/* (everything after "www.fortinet.com/" will match this rule, like www.fortinet.com/contact)
3) Regular Expressions (regex): Regex is used to include one or more URLs related -or not related- to a pattern using some Perl syntax
For example:- "*" symbol means: match 0 or more times of the character before the symbol, but no match with any character.
For example:"fortinet*.com" will match "fortinetttttttt.com" but not "fortinetsupport.com"
"/i" symbols means: makes the pattern case sensitive.
For example:"/FORTINET/i" will not match with "fortinet"
"^" symbols means: at the beginning of the string.
For example:"^fo" will match 'fortinet.com'
'.' symbol means: match the same or different character than the one before the symbol, but is followed by the rest of the sentence.
For example:'fortinet.com' will match 'fortinetacom', 'fortinetbcom', 'fortinetzcom'
Configuring a URL filter:
GUI:
1) Go to Security Profiles -> Web Filter.
2) Select a web filter to edit.
3) Under Static URL Filter, enable URL Filter, and select Create New.
4) Enter the URL, without the “http”, for example: www.example*.com
5) Select a Type: Simple , Regular Expression, or Wildcard. In this example, select Wildcard
6) Select the Action to take against matching URLs: Exempt, Block, Allow, or Monitor.
7) Select 'Enable'.
8) Select 'OK'.
#config webfilter urlfilter
edit <ID>
config entries
edit 1
set url <url>
set referrer-host <url>
set type {simple | regex | wildcard}
set action {block | allow | monitor | exempt}
set status {enable | disable}
end
end
end
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.