Fortigate Web Filter Syntax

For the Fortigate Web Filtering I'm trying to figure out the proper syntax to open whitelist a domain.
Even if that domain has more path behind it.

For example both www.mydomain.com and www.mydomain.com/business/advertising/prices.pdf

I watched the Fortinet video, and it shows the URL filter should be: *mydomainname.com  "wildcard" "Exempt"
but that does not work at all.

I tried *.mydomainname.com and that works for the main page, but not the remainder of the path. (it get blocked by a web filter category)

Thanks!
DrPingAsked:
Who is Participating?
 
FideliusConnect With a Mentor Commented:
Hello,

If you choose type "Simple", you can put just www.mydomain.com 
It will also allow www.mydomain.com/business/advertising/prices.pdf

If you want type "Wildcard", you can put wildcard on begining, end or both:
www.mydomain.com*
*mydomain.com*
*mydomain.com

I have it configured in all above ways for different type of sites.
I'm running FortiOS 5.2.1

Regards!
0
 
btanConnect With a Mentor Exec ConsultantCommented:
Agree with Fidelius. It can be either
To control access to all pages with a URL that ends with example.com, add example.com to the filter list. For example, adding example.com controls access to www.example.com, mail.example.com, www.finance.example.com, and so on
or
Control access to all URLs that match patterns created using text and regular expressions (or wildcard characters). For example, example.* matches example.com, example.org, example.net and so on.
URL filtering uses a black list approach. That is, all sites are allowed, except those that are blocked. Note also the list entries are processed from top to bottom. Note it is specific to the pattern of the URL stated. However, more commonly if you wanted to be specific on Web Site only (not URL) then you can use Web Site Filter instead for www.domain.com though you can achieve in URL filter too but need to be careful on the pattern declaration. Side note, you can even drill into Web Content filter..

But do take note as shared in docs(pdf) when using Exempt
When you add a URL pattern to a URL filter list and apply the Exempt action, traffic sent to and replies traffic from sites matching the URL pattern will bypass all antivirus proxy operations. The connection itself inherits the exemption. This means that all subsequent reuse of the existing connection will also bypass all antivirus proxy operations. When the connection times out, the exemption is cancelled.
0
All Courses

From novice to tech pro — start learning today.