Webfilter blocking URI (Page) after allowing the Host Address (Domain)
Hi All, We have a Fortigate 30E and I have a requirement to block certain page in a particular domain.
Ex.) There is a domain https://xyz.com. That primary domain must be allowed but a page in that domain must not be blocked, like https://xyz.com/page1.php? . I could find that after allowing the primary domain the firewall is creating a session, hence not blocking any URI path further. Correct me if I am wrong. Also please provide an way to implement the URI block (or) HTTP method block (or) using any other method, but the primary domain should be blocked. Thanks.
You can use static URL filter in Web Filter profile to allow a specific URL instead of the domain. You can also use wildcard/regex to match a specific pattern. Example shown in the attached image. Mark it solved if it answered your query.
Deep packet inspection is a MUST to enable any control of sub-URLs in the content filters. Without DPI the Fortigate is not able to see any content in encrypted packets. The host name could be visible, though, if it is a part of the SSL/TLS handshaking.
I have tried Deep Packet Inspection. My doubt is, will FortiGate look in to sub-url / path after creating the Statefull session entry for the particular destination. Firewall is doing man-in-the-middle process, but I am not sure whether it is checking the requesting sub-url / path for that domain every time. Is there anything to deal with cookie.