Cloud NGFW for AWS
    : Create a Custom URL Category for Cloud NGFW on AWS
    Focus
    Download PDF
    Focus
    1. Home
    2. AWS
    3. Cloud NGFW for AWS
    4. Cloud NGFW for AWS Rulestacks and Rules
    5. Cloud NGFW for AWS Security Rule Objects
    6. Create a Custom URL Category for Cloud NGFW on AWS
    Download PDF

    Cloud NGFW for AWS

    Create a Custom URL Category for Cloud NGFW on AWS

    Table of Contents

    Create a Custom URL Category for Cloud NGFW on AWS

    Palo Alto Networks provides a set of predefined URL filtering categories. You can also specify your own URL filtering categories using a customer URL category object. For example, create a custom list of URLs that you want to use as match criteria in a Security policy rule. This is a good way to specify exceptions to URL categories, where you’d like to enforce specific URLs differently than the URL category to which they belong.

    Create a Custom URL Category

    1. Select
      Rulestacks
       and select a previously-created rulestack on which to configure a custom URL category.
    2. Select
      Objects
      Custom URL Category
      Create Custom URL Category
      .
    3. Enter a descriptive
      Name
       for your custom URL category.
    4. (
      optional
      ) Enter a description for your custom URL category.
    5. Enter one or more
      URL List
      , one per line.
    6. Click
      Save
      .

    Basic Guidelines For URL Category Exception Lists

    • Enter the URLs of websites that you want to enforce separately from the associated URL category.
    • List entries must be an exact match and are case-insensitive.
    • Enter a string that is an exact match to the website (and possibly, specific subdomain) for which you want to control access, or use wildcard characters to allow an entry to match to multiple website subdomains. For details on using wildcard characters, review Wildcard Guidelines for URL Category Exception Lists.
    • Omit
      http
       and
      https
       from URL entries.
    • Each URL entry can be up to 255 characters in length.

    Wildcard Guidelines for URL Category Exception Lists

    You can use wildcards in URL category exception lists to easily configure a single entry to match to multiple website subdomains and pages, without having to specify exact subdomains and pages.
    Follow these guidelines when creating wildcard entries:
    • The following characters are considered token separators: . / ? & = ; +
      Every string separated by one or two of these characters is a token. Use wildcard characters as token placeholders, indicating that a specific token can contain any value.
    • In place of a token, use either an asterisk (*) or a caret (^) to indicate a wildcard value.
    • Wildcard characters must be the only character within a token. For example, www.gmail*.com would be invalid because the asterisk follows other characters. An entry can contain multiple wildcards, however.

    How to Use Asterisk (*) and Caret (^) Wildcards

    *
    Use to indicate one or more variable subdomains. If you use
    *
    , the entry will match any additional subdomains, whether at the beginning or the end of the URL.
    Ex:
    • *.paloaltonetworks.com
       matches www.paloaltonetworks.com and www.paloaltonetworks.com.uk.
    • *.paloaltonetworks.com/
       matches www.paloaltonetworks.com but not www.paloaltonetworks.com.uk.
    ^
    Use to indicate one variable subdomain.
    Ex:
    mail.^.com
     matches to mail.company.com but not mail.company.sso.com.
    Do not create an entry with consecutive asterisk (*) wildcards or more than nine consecutive caret (^) wildcards—entries like these can affect firewall performance.
    For example, do not add an entry like
    mail.*.*.com
    ; instead, depending on the range of websites you want to control access to, enter
    mail.*.com
     or
    mail.^.^.com
    . An entry like
    mail.*.com
     matches to a greater number of sites than
    mail.^.^.com
    ;
    mail.*.com
     matches to sites with any number of subdomains and
    mail.^.^.com
     matches to sites with exactly two subdomains.

    URL Category Exception List—Wildcard Examples

    The following table displays example URL list entries using wildcards and sites matching these entries.
    URL Exception List Entry
    Matching Sites
    Example Set 1
    *.company.com
    eng.tools.company.com
    support.tools.company.com
    tools.company.com
    docs.company.com
    ^.company.com
    tools.company.com
    docs.company.com
    ^.^.company.com
    eng.tools.company.com
    support.tools.company.com
    Example Set 2
    mail.google.*
    mail.google.com
    mail.google.co.uk
    mail.google.example.org
    mail.google.^
    mail.google.com
    mail.google.info
    mail.google.^.^
    mail.google.co.uk
    mail.google.example.info
    Example Set 3
    site.*.com
    site.yourname.com
    site.abc.xyz.com
    site.^.com
    site.company.com
    site.example.com
    site.^.^.com
    site.a.b.com
    site.com/*
    site.com/photos
    site.com/blog/latest
    any site.com subdirectory

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.