Add URL List Application elements to manually block or allow URLs

URL List Application elements allow you to define custom lists of URLs to block or allow web traffic.

Important:
  • When you block HTTPS traffic with URL lists:
    • If the URL list only has simple domains, then it works without decryption. For example, example.com.
    • If the URL list has URLs with paths, then it requires TLS decryption to work. For example, example.com/path.
  • When you allow HTTPS traffic with URL lists:
    • If the URL list only has simple domains, then it works. For example, example.com.
    • If the URL list has URLs with paths, then it does not work. For example, example.com/path.
    Note: You cannot currently all ow HTTPS URLs with paths by using the URL List Application.

For information about the workaround to allow HTTPS traffic with paths, refer to the Using a URL List on NGFW to Allow HTTPS Connections to the Specific URL Path Does Not Work Knowledge Base Article.

The action that you select in the Access rules determines whether the URLs in the URL List Application are blocked or allowed.

When you use URL List Applications in combination with category-based URL filtering, you can allow individual URLs that are included in a blocked category. Using URL List Applications to allow URLs only affects other URL-based filtering. It does not exclude the traffic from other inspection checks. Traffic to allowed URLs might still be terminated if deep inspection is enabled and the traffic matches Situations in the Inspection Policy.

There is no limit on the number of URL List Applications that you can create or on the number of URLs that you can add to each URL List Application. You can enter URLs as whole URLs or partial URLs. Partial URLs must end with a slash (/). The URLs in the list can match all URLs in a domain, all URLs in a specified path, or exact URLs.

When you add an exact URL, only the specified URL matches. Other URLs in the same domain or path do not match. For example, if you add the exact URL www.example.com/index.html, connections to www.example.com/main.html do not match.

When you add domains or paths, connections might match more than one URL. For example:

  • If you add an exact URL and a path that is part of the exact URL, both URLs match if the engine detects a request to the exact URL.

    For example, if you add the exact URL www.example.com/path/index.html and the path example.com/path/, both URLs match if the engine detects a request to http://www.example.com/path/index.html.

  • If you add a domain name followed by a slash, the URL List also matches connections to subdomains of the domain name.

    For example, if you enter example.com/, the URL List also matches connections to login.example.com and www.example.com.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Browse to Secure SD-WAN > Other Elements > Network Applications > By Type > URL List.
  3. Right-click URL List, then select New > URL List Application Application.
  4. Add one or more URLs.
    • To add the first URL, double-click the empty row.
    • To add a URL above an existing URL, right-click the URL and select Add.
    • To add a URL below an existing URL, right-click the empty space in the list and select Add.
    Tip: You can also paste a URL or a list of URLs into the field. Each line of text is automatically added on a separate line.
  5. Enter the URL without the http:// protocol.
    • To match all subdomains of a domain, enter the domain name followed by a slash (/).

      Example — example.com/

    • To match all URLs in the specified path, enter the path followed by a slash (/).

      Example — example.com/path/

    • To match an exact URL, enter the URL.

      Example — www.example.com/index.html

  6. (Optional) On the Tags tab, select the Tags that you want to use with this URL List Application.
  7. Click OK.

Next steps

To use the URL List Application element for URL filtering, add it to an Access rule.

URL List Application Properties dialog box

Use this dialog box to define custom lists of URLs to block or allow.

Option Definition
General tab
Name Specifies a unique name for the URL List Application.
URLs Specifies the URLs.
  • Edit URL — Enables editing for the selected row.
  • Add — Adds a row to the list.
  • Remove — Removes the selected row from the list.
Standard ports, unless otherwise specified in 'Service (Port)' field
Secure SD-WAN Versions Shows the Secure SD-WAN with which the URL List Application is compatible. Not editable. When creating new URL List Application elements, this option is blank.
Protocol Shows the protocol for the default port.
Default Ports Shows the default ports that the URL List Application matches. Not editable. When creating new URL List Application elements, this option is blank.
TLS Shows whether TLS is required, allowed, or forbidden.
Category Includes the Situation in predefined categories.
Select Opens the Category Selection dialog box.
Comment An optional comment for your own reference.
Option Definition
Tags tab
Name Shows the name of the tag.
Comment Shows the comment associated with the tag.
Type Shows the type of tag.
Add Tags Opens the dialog box to add a tag. Select from the available options:
  • Application Tag
  • Usage