Fortinet black logo

Administration Guide

Home FortiProxy 7.2.0 Administration Guide
7.2.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

Create or edit a URL filter

Create or edit a URL filter

You can allow or block access to specific web sites by adding them to the URL filter list. You add the web sites by using patterns containing text and regular expressions. The FortiProxy unit allows or blocks web pages matching any specified URLs or patterns and displays a replacement message instead.

Web site blocking does not block access to other services that users can access with a web browser. For example, web site blocking does not block access to ftp://ftp.example.com. Instead, use firewall policies to deny ftp connections.

When adding a URL to the web site filter list, follow these rules:

  • Type a top-level URL or IP address to control access to all pages on a web site. For example, www.example.com or 192.168.144.155 controls access to all pages at these web sites.

  • Enter a top-level URL followed by the path and file name to control access to a single page on a web site. For example, www.example.com/monkey.html or 192.168.144.155/monkey.html controls access to the monkey page on this web site.

  • To control access to all pages with a URL that ends with example.com, add example.com to the filter list. For example, adding example.com controls access to www.example.com, mail.example.com, www.finance.example.com, and so on.

  • Control access to all URLs that match patterns using text and regular expressions (or wildcard characters). For example, example.* matches example.com, example.org, example.net and so on.

URLs with an action set to exempt or pass are not scanned for viruses. If users on the network download files through the FortiProxy unit from a trusted web site, add the URL of this web site to the URL filter list with an action to pass it, so the unit does not scan files downloaded from this URL.
To create a URL filter:

  1. Go to Security Profiles > Web Filter.

  2. Click Create New or select a web filter profile and then click Edit.

  3. Enable URL Filter.

  4. In the URL Filter table, click Create New. The New URL Filter window opens.

  5. Enter the URL to filter in the URL field. Enter a top-level domain suffix (for example, “com” without the leading period) to block access to all web sites with this suffix.

  6. Select the type of pattern to match: Simple, Reg. Expression, or Wildcard.

  7. Select the action to take when the pattern is matched:

    • Exempt: Allow trusted traffic to bypass the antivirus proxy operations.

    • Block: Block access to any URLs matching the URL pattern and display a replacement message. SeeReplacement Messages.

    • Allow: Allow access to any URL that matches the URL pattern.

    • Monitor: Monitor traffic to and from URLs matching the URL pattern.

  8. Enable or disable the status of the filter to make the filter active or inactive.

  9. Enter the referrer host name.

  10. Click OK to save the URL filter.

  11. Click OK to save the changes to the web filter profile.

To edit a URL filter:

  1. Go to Security Profiles > Web Filter.

  2. Click Create New or select a web filter profile and then click Edit.

  3. In the URL Filter table, double-click on a filter or select the filter and then click Edit in the toolbar.

  4. Edit the filter settings as required.

  5. Click OK to save your changes to the URL filter.

  6. Click OK to save the changes to the web filter profile.

Previous
Next

Create or edit a URL filter

You can allow or block access to specific web sites by adding them to the URL filter list. You add the web sites by using patterns containing text and regular expressions. The FortiProxy unit allows or blocks web pages matching any specified URLs or patterns and displays a replacement message instead.

Web site blocking does not block access to other services that users can access with a web browser. For example, web site blocking does not block access to ftp://ftp.example.com. Instead, use firewall policies to deny ftp connections.

When adding a URL to the web site filter list, follow these rules:

  • Type a top-level URL or IP address to control access to all pages on a web site. For example, www.example.com or 192.168.144.155 controls access to all pages at these web sites.

  • Enter a top-level URL followed by the path and file name to control access to a single page on a web site. For example, www.example.com/monkey.html or 192.168.144.155/monkey.html controls access to the monkey page on this web site.

  • To control access to all pages with a URL that ends with example.com, add example.com to the filter list. For example, adding example.com controls access to www.example.com, mail.example.com, www.finance.example.com, and so on.

  • Control access to all URLs that match patterns using text and regular expressions (or wildcard characters). For example, example.* matches example.com, example.org, example.net and so on.

URLs with an action set to exempt or pass are not scanned for viruses. If users on the network download files through the FortiProxy unit from a trusted web site, add the URL of this web site to the URL filter list with an action to pass it, so the unit does not scan files downloaded from this URL.
To create a URL filter:

  1. Go to Security Profiles > Web Filter.

  2. Click Create New or select a web filter profile and then click Edit.

  3. Enable URL Filter.

  4. In the URL Filter table, click Create New. The New URL Filter window opens.

  5. Enter the URL to filter in the URL field. Enter a top-level domain suffix (for example, “com” without the leading period) to block access to all web sites with this suffix.

  6. Select the type of pattern to match: Simple, Reg. Expression, or Wildcard.

  7. Select the action to take when the pattern is matched:

    • Exempt: Allow trusted traffic to bypass the antivirus proxy operations.

    • Block: Block access to any URLs matching the URL pattern and display a replacement message. SeeReplacement Messages.

    • Allow: Allow access to any URL that matches the URL pattern.

    • Monitor: Monitor traffic to and from URLs matching the URL pattern.

  8. Enable or disable the status of the filter to make the filter active or inactive.

  9. Enter the referrer host name.

  10. Click OK to save the URL filter.

  11. Click OK to save the changes to the web filter profile.

To edit a URL filter:

  1. Go to Security Profiles > Web Filter.

  2. Click Create New or select a web filter profile and then click Edit.

  3. In the URL Filter table, double-click on a filter or select the filter and then click Edit in the toolbar.

  4. Edit the filter settings as required.

  5. Click OK to save your changes to the URL filter.

  6. Click OK to save the changes to the web filter profile.

Previous
Next