Add URL List Application elements to manually block or allow URLs
URL List Application elements allow you to define custom lists of URLs to block or allow web traffic.
- When you block HTTPS traffic with URL lists:
- If the URL list only has simple domains, then it works without decryption. For example, example.com.
- If the URL list has URLs with paths, then it requires TLS decryption to work. For example, example.com/path.
- When you allow HTTPS traffic with URL lists:
- If the URL list only has simple domains, then it works. For example, example.com.
- If the URL list has URLs with paths, then it does not work. For example, example.com/path.
Note: You cannot currently all ow HTTPS URLs with paths by using the URL List Application.
For information about the workaround to allow HTTPS traffic with paths, refer to the Using a URL List on NGFW to Allow HTTPS Connections to the Specific URL Path Does Not Work Knowledge Base Article.
The action that you select in the Access rules determines whether the URLs in the URL List Application are blocked or allowed.
When you use URL List Applications in combination with category-based URL filtering, you can allow individual URLs that are included in a blocked category. Using URL List Applications to allow URLs only affects other URL-based filtering. It does not exclude the traffic from other inspection checks. Traffic to allowed URLs might still be terminated if deep inspection is enabled and the traffic matches Situations in the Inspection Policy.
There is no limit on the number of URL List Applications that you can create or on the number of URLs that you can add to each URL List Application. You can enter URLs as whole URLs or partial URLs. Partial URLs must end with a slash (/). The URLs in the list can match all URLs in a domain, all URLs in a specified path, or exact URLs.
When you add an exact URL, only the specified URL matches. Other URLs in the same domain or path do not match. For example, if you add the exact URL www.example.com/index.html, connections to www.example.com/main.html do not match.
When you add domains or paths, connections might match more than one URL. For example:
- If you add an exact URL and a path that is part of the exact URL, both URLs match if the engine detects a request to the exact URL.
For example, if you add the exact URL www.example.com/path/index.html and the path example.com/path/, both URLs match if the engine detects a request to
http://www.example.com/path/index.html
. - If you add a domain name followed by a slash, the URL List also matches connections to subdomains of the domain name.
For example, if you enter example.com/, the URL List also matches connections to
login.example.com
andwww.example.com
.
For more details about the product and how to configure features, click Help or press F1.
Steps
Next steps
To use the URL List Application element for URL filtering, add it to an Access rule.
URL List Application Properties dialog box
Use this dialog box to define custom lists of URLs to block or allow.
Option | Definition |
---|---|
General tab | |
Name | Specifies a unique name for the URL List Application. |
URLs | Specifies the URLs.
|
Standard ports, unless otherwise specified in 'Service (Port)' field | |
Secure SD-WAN Versions | Shows the Secure SD-WAN with which the URL List Application is compatible. Not editable. When creating new URL List Application elements, this option is blank. |
Protocol | Shows the protocol for the default port. |
Default Ports | Shows the default ports that the URL List Application matches. Not editable. When creating new URL List Application elements, this option is blank. |
TLS | Shows whether TLS is required, allowed, or forbidden. |
Category | Includes the Situation in predefined categories. |
Select | Opens the Category Selection dialog box. |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
Tags tab | |
Name | Shows the name of the tag. |
Comment | Shows the comment associated with the tag. |
Type | Shows the type of tag. |
Add Tags | Opens the dialog box to add a tag. Select from the available options:
|