URL Category Exception Lists
You can create URL category exception lists to allow
access to specific URLs in a blocked category or block specific
URLs in an allowed category.
You can exclude specific websites from URL category
enforcement, ensuring that these websites are blocked or allowed
regardless of their associated URL category. For example, you can
allow access to Twitter even if you have blocked the social-networking
category. To create these kinds of exceptions to URL category enforcement:
- Add the IP addresses or URLs of the sites you want to block or allow (regardless of their associated URL category) directly to a URL Filtering profile (Objects > Security Profiles > URL Filtering > Overrides).
- Use an external dynamic list in a URL Filtering profile. The benefit to using an external dynamic list to specify the sites you want to enforce separately from their URL categories is that you can update the list without performing a configuration change or commit on the firewall.
The following guidelines describe how to populate URL Category
block and allow lists, or a text file that you’re using as the source
of an external dynamic list for URLs:
Basic Guidelines For URL Category Exception Lists
- Enter the IP addresses or URLs of websites that you want to enforce separately from the associated URL category.
- List entries must be an exact match and are case-insensitive.
- You can enter a string that is an exact match to the website (and possibly, specific subdomain) for which you want to control access, or you can use wildcard characters to allow an entry to match to more than one website subdomain. For details on using wildcard characters, review Wildcard Guidelines for URL Category Exception Lists.
- Omit http and https from URL entries.
- Each URL entry can be up to 255 characters in length.
Wildcard Guidelines for URL Category Exception Lists
You can use wildcards in URL Category exception lists
to easily configure a single entry to match to multiple website
subdomains and pages, without having to specify exact subdomains
and pages.
Follow these guidelines when creating wildcard entries:
- The following characters are considered token separators: . / ? & = ; + Every string separated by one or two of these characters is a token. Use wildcard characters as token placeholders, indicating that a specific token can contain any value.
- In place of a token, you can use either an asterisk (*) or a caret (^).
- Wildcard characters must be the only character within a token; however, an entry can contain multiple wildcards.
How to Use Asterisk (*) and Caret (^) Wildcards
You can use either * or ^ as wildcards in your custom categories and
URL EDLs, but you cannot use both at the same time. This means that
if you use * to represent a wildcard in one custom category or URL EDL,
you must use * as the wildcard in every other custom category or URL EDL
in your configuration; you can no longer use ^.
For example, you cannot have one custom category or EDL that contains
^.foo.com and a separate custom category or URL EDL that contains
www.xyz.com/*. For details about how to use each wildcard, see below:
* | Use to indicate one or more variable subdomains. If you use *, the entry will match any additional subdomains, whether at the beginning or the end of the URL. Use a forward slash at the end of the entry if you do not want to match any additional subdomains beyond that point. Ex: |
^ | Use to indicate one variable subdomain. Ex: mail.^.com matches to mail.company.com but not mail.company.sso.com. |
Do not create an entry with consecutive asterisk (*) wildcards or more
than nine consecutive caret (^) wildcards; entries like these can affect
firewall performance.
For example, do not add an entry like mail.*.*.com; instead, depending
on the range of websites you want to control access to, enter mail.*.com
or mail.^.^.com. An entry like mail.*.com matches to a greater number of
sites than mail.^.^.com; mail.*.com matches to sites with any number of
subdomains and mail.^.^.com matches to sites with exactly two subdomains.
URL Category Exception List—Wildcard Examples
The following tables list examples of URL exception
list entries using wildcards, and examples of the sites that these
entries match to.
URL Exception List Entry | Matching Sites |
---|---|
Example Set 1 | |
*.company.com | eng.tools.company.com support.tools.company.com tools.company.com docs.company.com |
^.company.com | tools.company.com docs.company.com |
^.^.company.com | eng.tools.company.com support.tools.company.com |
Example Set 2 | |
mail.google.* | mail.google.com mail.google.co.uk |
mail.google.^ | mail.google.com |
mail.google.^.^ | mail.google.co.uk |
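The guidelines above can be checked before a list is committed or published as an external dynamic list. The following Python is an added example, not vendor code: it lints a list against the rules on this page and models * and ^ matching for whole entries, so you can see how broad an entry is before it overrides a blocked category. The names lint_entries, matches and SAMPLE are assumptions made for the example, and the trailing-slash behaviour is not modelled.

```python
import re

SEPS = "./?&=;+"                        # token separators from the guidelines
_SPLIT = re.compile("([" + re.escape(SEPS) + "])")
_TOKEN = "[^" + re.escape(SEPS) + "]+"  # one token: no separator inside

def lint_entries(entries):
    """Return (entry, problem) pairs for entries that break the guidelines."""
    problems, wildcards_used = [], set()
    for entry in entries:
        tokens = [t for t in _SPLIT.split(entry)[::2] if t]
        if len(entry) > 255:
            problems.append((entry, "longer than 255 characters"))
        if re.match(r"https?:", entry, re.IGNORECASE):
            problems.append((entry, "omit http/https"))
        if any(len(t) > 1 and ("*" in t or "^" in t) for t in tokens):
            problems.append((entry, "wildcard must be the only character in its token"))
        if any(a == b == "*" for a, b in zip(tokens, tokens[1:])):
            problems.append((entry, "consecutive * wildcards"))
        if "^" * 10 in "".join(t if t == "^" else " " for t in tokens):
            problems.append((entry, "more than nine consecutive ^ wildcards"))
        wildcards_used.update(t for t in tokens if t in ("*", "^"))
    # Checked per list here; the rule applies across all custom categories and EDLs.
    if len(wildcards_used) == 2:
        problems.append(("<whole list>", "mixes * and ^ wildcards"))
    return problems

def matches(entry, url):
    """True if url matches entry: * = one or more tokens, ^ = exactly one."""
    rx = ""
    for i, part in enumerate(_SPLIT.split(entry)):
        if i % 2 == 0 and part == "*":
            rx += _TOKEN + "(?:[" + re.escape(SEPS) + "]" + _TOKEN + ")*"
        elif i % 2 == 0 and part == "^":
            rx += _TOKEN
        else:
            rx += re.escape(part)       # literal token or separator
    return re.fullmatch(rx, url, re.IGNORECASE) is not None

# Constructed sample list, not taken from a real deployment.
SAMPLE = ["*.company.com", "https://intranet.example.com",
          "mail.*.*.com", "web*.example.com", "mail.^.com"]

if __name__ == "__main__":
    for entry, problem in lint_entries(SAMPLE):
        print(f"{entry}: {problem}")
    print(matches("^.company.com", "eng.tools.company.com"))
```

Running the matcher over the host names you expect to allow or block, plus a few you do not, shows whether an asterisk entry reaches further than intended.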