Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
Contributor III

Created on ‎03-06-2025 12:25 AM

Blocking monster in URL Webfilter

Hello,

 

we have an issue with blocking hdfull.monster. We tried in Webfilter and URL filter and it would not work. Checking nslookup there are Cloudflare IPs and comparing with the test sessions I see other Cloudflare IPs.

 

Any suggestion how to block this video stream monster?

 

Thanks!

Labels:
983
0 Kudos
9 REPLIES 9
AEK
SuperUser
SuperUser

Created on ‎03-06-2025 06:25 AM

Hi Roland

Can you share the web filter you are using?

AEK
AEK
956
0 Kudos
dingjerry_FTNT
Staff
Staff

Created on ‎03-06-2025 07:04 AM

Hi @RolandBaumgaertner72 ,

 

Not sure which one you are using, Certification Inspection or Deep Inspection.

 

And please share your configuration about URL Filter and web filter (I assume you mean Category based Filter).

Regards,

Jerry
950
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to dingjerry_FTNT

Created on ‎03-06-2025 07:19 AM

Hi @RolandBaumgaertner72 ,

 

I just did a quick test with Certification Inspection and URL Filter, it worked for me:

 

URL_Filter.png

Regards,

Jerry
947
0 Kudos
jpsgps
New Contributor

Created on ‎03-06-2025 08:10 AM

I am seeing a similar issue with Cloudflare sites. 
Certificate Inspection and URL Filter are being used but the firewall does not even see the URL at all, only the IPs.

933
0 Kudos
AEK
SuperUser
SuperUser
In response to jpsgps

Created on ‎03-06-2025 08:17 AM

Probably due to ECH. Check this.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/447220/block-or-allow-ech-tl...

AEK
AEK
902
jpsgps
New Contributor
In response to AEK

Created on ‎03-06-2025 08:21 AM

Yes, I just found some documentation about ECH from Cloudflare. I will check out this link, thanks!

900
0 Kudos
jpsgps
New Contributor
In response to jpsgps

Created on ‎03-06-2025 08:49 AM

We are on 7.2, doesn't look like those options are available. Guess we will have to deal with it unless there is some other way.

892
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to jpsgps

Created on ‎03-06-2025 09:27 AM

Please see the screenshots I provided for my testing.  It's nothing to do with ECH.

Regards,

Jerry
879
0 Kudos
jpsgps
New Contributor
In response to dingjerry_FTNT

Created on ‎03-06-2025 09:41 AM

I'm not sure...I am not even seeing the traffic in the Logs when searching for the URL. I can see the IP being hit but does not show the Destination URL. It shows "cloudflare-ech.com". 

At least for my particular case. 

864
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.