Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dclabs
New Contributor

WebFilter blocks only fqdn typed inot the brower address bar

Hi,

 

I'm trying to block specific websites using the Static URL Filter in the WebFilter security profile.

What happens though is that the website is blocked only when typed into the address bar of the browser and not when accessed through a search engine.

Example:

 

If I block netflix.com, the site is actually blocked when I type netflix.com into the browser bar, but I can still access it when I look for netflix on google and then click on the results.

11 REPLIES 11
gfleming
Staff
Staff

Can you please show your URL Filter configuration?

 

Cheers,
Graham
enoryq
New Contributor II

Hello

I suspect that Netflix is using a CDN (Content Delivery Network) and therefore your Static URL filter will not work.

Perhaps your best option would be to create a deny-rule using the Netflix Internet Service as the destination and deny block like that?
netflix services.png
Hope this helps in someway,

dclabs
New Contributor

Thanks for your reply.

It's not just Netflix but it's but it seems to do the same with all URLs of various different services (video straming, webmails, etc.).

gfleming

Please show your configuration

Cheers,
Graham
dclabs

Hi Graham,

 

I cloned the default Web Filter profile, turn it into proxy-based (as well as the firewall policy on which it's applied) then added some static URL Filters using the wildcard configuration and action set to "block".

gfleming

Please show this configuration. Screen shot or CLI output.

Cheers,
Graham
dclabs

please see below

 

config webfilter profile
edit "ASST_default"
set comment "asst proxy web filtering."
set feature-set proxy
config web
set urlfilter-table 1
end
config ftgd-wf
unset options
set exempt-quota g21
config filters
edit 1
set category 1
set action block
next
edit 2
set category 2
next
edit 3
set category 3
set action block
next
edit 4
set category 4
set action block
next
edit 5
set category 5
set action block
next
edit 6
set category 6
set action block
next
edit 8
set category 8
set action block
next
edit 9
set category 9
set action block
next
edit 11
set category 11
set action block
next
edit 12
set category 12
set action block
next
edit 13
set category 13
set action block
next
edit 14
set category 14
set action block
next
edit 15
set category 15
next
edit 16
set category 16
set action block
next
edit 59
set category 59
next
edit 62
set category 62
set action block
next
edit 83
set category 83
set action block
next
edit 96
set category 96
set action block
next
edit 98
set category 98
set action block
next
edit 99
set category 99
set action block
next
edit 57
set category 57
set action block
next
edit 63
set category 63
next
edit 64
set category 64
set action block
next
edit 65
set category 65
set action block
next
edit 66
set category 66
set action block
next
edit 67
set category 67
set action block
next
edit 72
set category 72
set action block
next
edit 26
set category 26
set action block
next
edit 61
set category 61
set action block
next
edit 86
set category 86
set action block
next
edit 88
set category 88
set action block
next
edit 90
set category 90
set action block
next
edit 91
set category 91
set action block
next
edit 20
set category 20
set action block
next
edit 35
next
end
end
next
end

gfleming

And your URL Filter config?

show webfilter urlfilter 1
Cheers,
Graham
dclabs


config webfilter urlfilter
edit 1
set name "Auto-webfilter-urlfilter_by7geicmk"
config entries
edit 1
set url "*.edatasales.com*"
set type wildcard
set action block
next
edit 2
set url "*.frnatacion.es*"
set type wildcard
set action block
next
edit 3
set url "*.ispot.cc*"
set type wildcard
set action block
next
edit 4
set url "*.myhotnudegirls.com*"
set type wildcard
set action block
next
edit 5
set url "*.quispesomoza.es*"
set type wildcard
set action block
next
edit 6
set url "*.tripod.com*"
set type wildcard
set action block
next
edit 7
set url "*142.202.188.223*"
set type wildcard
set action block
next
edit 8
set url "*142.202.188.233*"
set type wildcard
set action block
next
edit 9
set url "*162.216.240.7*"
set type wildcard
set action block
next
edit 10
set url "*ap.archiviumsrl.it*"
set type wildcard
set action block
next
edit 11
set url "*dilei.it*"
set type wildcard
set action block
next
edit 12
set url "*gangbangstar.club*"
set type wildcard
set action block
next
edit 13
set url "*hotntubes.com*"
set type wildcard
set action block
next
edit 14
set url "*just**bleep**o.tv*"
set type wildcard
set action block
next
edit 15
set url "*king.com*"
set type wildcard
set action block
next
edit 16
set url "*lookimonline.com*"
set type wildcard
set action block
next
edit 17
set url "*myglobalsteps.com*"
set type wildcard
set action block
next
edit 18
set url "*myhotnudegirls.com*"
set type wildcard
set action block
next
edit 19
set url "*photoserv*"
set type wildcard
set action block
next
edit 20
set url "*photoserv20.info*"
set type wildcard
set action block
next
edit 21
set url "*photoshtab.ru*"
set type wildcard
set action block
next
edit 22
set url "*playboy.com*"
set type wildcard
set action block
next
edit 23
set url "***bleep**osom.com*"
set type wildcard
set action block
next
edit 24
set url "***bleep**sled.com*"
set type wildcard
set action block
next
edit 25
set url "***bleep**staro.com*"
set type wildcard
set action block
next
edit 26
set url "*solitario-verde.com*"
set type wildcard
set action block
next
edit 27
set url "*tumblr.com*"
set type wildcard
set action block
next
edit 28
set url "3bmeteo.com*"
set type wildcard
set action block
next
edit 29
set url "88.214.241.199*"
set type wildcard
set action block
next
edit 30
set url "amazon.it*"
set type wildcard
set action block
next
edit 31
set url "comingsoon.it*"
set type wildcard
set action block
next
edit 32
set url "corrieredellesport.it*"
set type wildcard
set action block
next
edit 33
set url "diogenes.it*"
set type wildcard
set action block
next
edit 34
set url "fastmail.com*"
set type wildcard
set action block
next
edit 35
set url "fastmail.fastweb.it*"
set type wildcard
set action block
next
edit 36
set url "fastmail.fastwebnet.it*"
set type wildcard
set action block
next
edit 37
set url "fpdownload2.macromedia.com*"
set type wildcard
set action block
next
edit 38
set url "fwmail.it*"
set type wildcard
set action block
next
edit 39
set url "gmail.com*"
set type wildcard
set action block
next
edit 40
set url "ivid.com*"
set type wildcard
set action block
next
edit 41
set url "ivid.it*"
set type wildcard
set action block
next
edit 42
set url "maduli.it*"
set type wildcard
set action block
next
edit 43
set url "mail.alice.it*"
set type wildcard
set action block
next
edit 44
set url "mail.libero.it*"
set type wildcard
set action block
next
edit 45
set url "mail.tiscali.it*"
set type wildcard
set action block
next
edit 46
set url "mail.virgilio.it*"
set type wildcard
set action block
next
edit 47
set url "mail.yahoo.com*"
set type wildcard
set action block
next
edit 48
set url "realtime.services*"
set type wildcard
set action block
next
edit 49
set url "softonic.com*"
set type wildcard
set action block
next
edit 50
set url "softonic.it*"
set type wildcard
set action block
next
edit 51
set url "spotify.com*"
set type wildcard
set action block
next
edit 52
set url "tripadvisor.it*"
set type wildcard
set action block
next
edit 53
set url "vimeocdn.com*"
set type wildcard
set action block
next
edit 54
set url "webmail.infinito.it*"
set type wildcard
set action block
next
edit 55
set url "wtvideo.com*"
set type wildcard
set action block
next
edit 56
set url "www.softonic.it*"
set type wildcard
set action block
next
edit 57
set url "*.netflix.*"
set type wildcard
set action block
next
edit 58
set url "mail.google.com*"
set type wildcard
set action block
next
edit 59
set url "netflix.com*"
set type wildcard
set action block
next
end
next
end

 

Labels
Top Kudoed Authors