Blocking monster in URL Webfilter

RolandBaumgaertner72 · ‎03-06-2025

Hello,

we have an issue with blocking hdfull.monster. We tried in Webfilter and URL filter and it would not work. Checking nslookup there are Cloudflare IPs and comparing with the test sessions I see other Cloudflare IPs.

Any suggestion how to block this video stream monster?

Thanks!

AEK · ‎03-06-2025

Hi Roland

Can you share the web filter you are using?

AEK

dingjerry_FTNT · ‎03-06-2025

Hi @RolandBaumgaertner72 ,

Not sure which one you are using, Certification Inspection or Deep Inspection.

And please share your configuration about URL Filter and web filter (I assume you mean Category based Filter).

Regards,

Jerry

dingjerry_FTNT · ‎03-06-2025

Hi @RolandBaumgaertner72 ,

I just did a quick test with Certification Inspection and URL Filter, it worked for me:

Regards,

Jerry

jpsgps · ‎03-06-2025

I am seeing a similar issue with Cloudflare sites.
Certificate Inspection and URL Filter are being used but the firewall does not even see the URL at all, only the IPs.

AEK · ‎03-06-2025

Probably due to ECH. Check this.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/447220/block-or-allow-ech-tl...

AEK

jpsgps · ‎03-06-2025

Yes, I just found some documentation about ECH from Cloudflare. I will check out this link, thanks!

jpsgps · ‎03-06-2025

We are on 7.2, doesn't look like those options are available. Guess we will have to deal with it unless there is some other way.

dingjerry_FTNT · ‎03-06-2025

Please see the screenshots I provided for my testing. It's nothing to do with ECH.

Regards,

Jerry

jpsgps · ‎03-06-2025

I'm not sure...I am not even seeing the traffic in the Logs when searching for the URL. I can see the IP being hit but does not show the Destination URL. It shows "cloudflare-ech.com".

At least for my particular case.

Blocking monster in URL Webfilter

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website