Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AlekseiN
New Contributor

WEB filter. Block by page.

Hello all.

I looking for a solution to block specific pages with a WEB filter.

 

For example, I want to block the page "contact" or "contact.aspx"

https://www.fortinet.com/ should work, but page https://www.fortinet.com/support/contact

 

Any idea, how to do this?

 

BR

Aleksei

 

 

AL
AL
6 REPLIES 6
sw2090
SuperUser
SuperUser

Webfilter on its own can only block by cathegory rating.

What you want to do can be achieved using the url filter.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
AlekseiN

You are absolutely right! 

My mistake, didn't explain well.
I have tried to do this in URL filter and contend filter but without success.
But now, I see that it works but only if I enable SSL - deep-inspection.
But "deep-inspection" gives me problems too.

AL
AL
kvimaladevi

Hi AlekseiN,

As you are exempting certain URL from being allowed, deep inspection will be required. Could you confirm what is the issue you have with deep inspection.

Please make sure to install the deep inspection certificate in the client trusted root store.

 

Regards,

Vimala

AlekseiN

Hello.

Thank you for your answer. 

The problem with deep inspection is that I want to enable it on a public network (with wifi, wifi device not fortinet), so I can't install the certificate on the clients. 

AL
AL
jakus4
New Contributor

When using a webfilter with certificate inspection, FortiGate applies an action depending on the category of the website a user is trying to access.

If the site you're trying to reach is categorized as blocked, FortiGate will try to display a blocked page.

In your situation, FortiGate will try to show you a blocked page but you get an untrusted certificate > It's FortiGate trying to get you to show the blocked page instead of your website.

The problem is that everything is HTTPS, and HTTPS can't be broken without a deep inspection profile. So you get the result you described, but normally you don't have the option to skip the warning (the proceed button at the bottom shouldn't appear).

For the version, I recommend v7.0.11 for prod and v7.2.4 for lab.

https://xender.vip/
dustinjames951
New Contributor

Hello Aleksei,

You can typically block specific pages using a web filter by configuring URL filtering rules. In this case, you can create a rule that targets URLs containing "/contact" or "/contact.aspx" and set it to be blocked. The exact steps to do this may vary depending on the Latest specific web filter or firewall solution you're using. It's best to consult the documentation or support resources for your web filter system to get detailed instructions on how to set up such rules.

Labels
Top Kudoed Authors