Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Fortigate Web Filter Syntax

Posted on 2014-12-01
2
Medium Priority
?
2,719 Views
Last Modified: 2014-12-08
For the Fortigate Web Filtering I'm trying to figure out the proper syntax to open whitelist a domain.
Even if that domain has more path behind it.

For example both www.mydomain.com and www.mydomain.com/business/advertising/prices.pdf

I watched the Fortinet video, and it shows the URL filter should be: *mydomainname.com  "wildcard" "Exempt"
but that does not work at all.

I tried *.mydomainname.com and that works for the main page, but not the remainder of the path. (it get blocked by a web filter category)

Thanks!
0
Comment
Question by:DrPing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
Fidelius earned 1000 total points
ID: 40475431
Hello,

If you choose type "Simple", you can put just www.mydomain.com 
It will also allow www.mydomain.com/business/advertising/prices.pdf

If you want type "Wildcard", you can put wildcard on begining, end or both:
www.mydomain.com*
*mydomain.com*
*mydomain.com

I have it configured in all above ways for different type of sites.
I'm running FortiOS 5.2.1

Regards!
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 40475659
Agree with Fidelius. It can be either
To control access to all pages with a URL that ends with example.com, add example.com to the filter list. For example, adding example.com controls access to www.example.com, mail.example.com, www.finance.example.com, and so on
or
Control access to all URLs that match patterns created using text and regular expressions (or wildcard characters). For example, example.* matches example.com, example.org, example.net and so on.
URL filtering uses a black list approach. That is, all sites are allowed, except those that are blocked. Note also the list entries are processed from top to bottom. Note it is specific to the pattern of the URL stated. However, more commonly if you wanted to be specific on Web Site only (not URL) then you can use Web Site Filter instead for www.domain.com though you can achieve in URL filter too but need to be careful on the pattern declaration. Side note, you can even drill into Web Content filter..

But do take note as shared in docs(pdf) when using Exempt
When you add a URL pattern to a URL filter list and apply the Exempt action, traffic sent to and replies traffic from sites matching the URL pattern will bypass all antivirus proxy operations. The connection itself inherits the exemption. This means that all subsequent reuse of the existing connection will also bypass all antivirus proxy operations. When the connection times out, the exemption is cancelled.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi there, This article summarizes what you need if you are going to set up your home or small business Network Attached Storage (NAS) to be accessible from the internet. Of course there are configuration differences based on your NAS or router ma…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question