URL Filtering Overrides

Select ObjectsSecurity ProfilesURL FilteringOverrides to define website block and allow lists, and to allow password-based access to certain sites.
Overrides Settings
Description
Action on License Expiration
With BrightCloud:
If you are using the BrightCloud database, you can configure the action to take if the URL filtering license expires:
  • Block—Blocks access to all web sites. Upon license expiration, all URLs are blocked, not just the URL categories previously set to block.
  • Allow—Allows access to all web sites. Upon license expiration, all URLs are allowed, not just the URL categories set to allow.
With PAN-DB:
If the license expires for PAN-DB:
  • URL categories that are currently in the cache will be used to either block or allow content based on your configuration. Using cached results is a security risk because the categorization information might be stale.
  • URLs that are not in the cache will be categorized as not-resolved and will be allowed.
Always renew your license in time to ensure network security.
Allow List
Block List
You can exclude specific websites from URL category enforcement in order to enforce that website separately from the associated URL category. Add sites you want to always allow to the Allow List, and add sites to the Block List that you block, alert on, password protect, or warn users against accessing.
Enter one IP address or URL on each line of the block or allow list, and you can use wildcards to easily configure a single entry to match to multiple website subdomains and pages, without having to specify each exact subdomain or page.
For guidelines on using adding URL entries to the block and allow lists, especially on how to most effectively use wildcards, review URL Category Exception Lists.
Do not add an entry with consecutive asterisk (*) wildcards or nine or more consecutive caret (^) wildcards—entries like these can negatively impact firewall performance.
For example, do not add the entry mail.*.*.com; instead, enter either mail.*.com or mail.^.^.com. Note that an entry like mail.*.com matches to a greater number of sites than mail.^.^.com; mail.*.com matches to sites with any number of subdomains and mail.^.^.com matches to sites with exactly two subdomains.
For details on creating Wildcard entries, see wildcard guidelines and examples.
If you would like to use an External Dynamic List to dynamically update the list of URLs that you wish to allow (without a commit), see Objects > External Dynamic Lists.
Action
(Applies only to sites in the Block List)
Select the action to take when a web site in the block list is accessed.
  • alert—Allow the user to access the web site, but add an alert to the URL log.
  • block—Block access to the web site.
  • continue—Allow the user to access the blocked page by clicking Continue on the block page.
  • override—Allow the user to access the blocked page after entering a password. The password and other override settings are specified in the URL Admin Override area of the Settings page (refer to the Management Settings table in Device > Setup > Management).

Related Documentation