Configuring FortiGate web pattern blocking – Fortinet FortiGate 50A User Manual
Web filtering
URL blocking
FortiGate-50A Installation and Configuration Guide
Figure 38: Example URL block list text file
You can either create the URL block list or add a URL list created by a third-party URL
block or blacklist service. For example, you can download the squidGuard blacklists
available at http://www.squidguard.org/blacklist/ as a starting point for creating a URL
block list. Three times per week, the squidGuard robot searches the web for new
URLs to add to the blacklists. You can upload the squidGuard blacklists to the
FortiGate unit as a text file, with only minimal editing to remove comments at the top of
each list and to combine the lists that you want into a single file.
To upload a URL block list
1. In a text editor, create the list of URLs and patterns that you want to block.
2. Using the web-based manager, go to Web Filter > Web URL Block.
3. Select Upload URL Block List.
4. Type the path and filename of the URL block list text file, or select Browse and locate the file.
5. Select OK to upload the file to the FortiGate unit.
6. Select Return to display the updated Web URL block list.
   Each page of the Web URL block list displays 100 URLs.
7. Use Page Down and Page Up to navigate through the Web URL block list.
8. You can continue to maintain the Web URL block list by making changes to the text file and uploading it again.
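As an added example (not part of the Fortinet manual), this Python script does the list preparation described above for squidGuard-style files: it drops the comment header, merges several lists, removes duplicates, and sets aside entries such as ftp:// URLs that URL blocking will not cover. Assumptions: comment lines start with "#", the trailing 1 on each output line is copied from the Figure 38 sample lines, and the list names, function names and sample entries are constructed for illustration.

```python
import re

# Constructed sample input (not real blacklist data): two list files, each
# with a comment header. Assumption: comment lines start with "#".
SAMPLE_LISTS = {
    "ads/domains": "# constructed sample\nbadsite.example\nAds.Example.net\n",
    "ads/urls": "# constructed sample\nbadsite.example/index\nbadsite.example\n"
                "http://www.badsite.example/products/\nftp://ftp.badsite.example\n",
}
SCHEME = re.compile(r"^([a-z][a-z0-9+.-]*)://", re.IGNORECASE)


def normalize(entry):
    """Return (url, None) for a usable entry, or (None, reason) if rejected."""
    m = SCHEME.match(entry)
    if m:
        if m.group(1).lower() not in ("http", "https"):
            return None, "non-web scheme: URL blocking will not cover it"
        entry = entry[m.end():]  # the block list stores URLs without a scheme
    host, sep, path = entry.partition("/")
    url = (host.lower() + sep + path).rstrip("/")  # host is case-insensitive
    if not url or any(c.isspace() for c in url):
        return None, "empty or contains whitespace"
    return url, None


def build_block_list(lists):
    """Merge list texts into de-duplicated block-list lines plus rejects."""
    seen, lines, rejected = set(), [], []
    for name in sorted(lists):
        for raw in lists[name].splitlines():
            entry = raw.strip()
            if not entry or entry.startswith("#"):
                continue  # comment header or blank line
            url, reason = normalize(entry)
            if url is None:
                rejected.append((name, entry, reason))
            elif url not in seen:
                seen.add(url)
                lines.append(url + " 1")  # " 1" as in Figure 38 (assumed format)
    return lines, rejected


if __name__ == "__main__":
    block_lines, skipped = build_block_list(SAMPLE_LISTS)
    print("\n".join(block_lines))
    for name, entry, reason in skipped:
        print(f"# skipped {entry} from {name}: {reason}")
```

Entries reported as skipped because of their scheme are candidates for a firewall policy rather than the URL block list.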
Configuring FortiGate Web pattern blocking
You can configure FortiGate web pattern blocking to block web pages that match a
URL pattern. Create URL patterns using regular expressions (for example,
badsite.* matches badsite.com, badsite.org, badsite.net and so on).
FortiGate web pattern blocking supports standard regular expressions. You can add
up to 20 patterns to the web pattern block list.
To add patterns to the Web pattern block list
1. Go to Web Filter > URL Block > Web Pattern Block.
2. Select New to add an item to the Web pattern block list.
3. Type the web pattern that you want to block.
   You can use standard regular expressions for web patterns.
Example URL block list text file (contents of Figure 38):
    www.badsite.com/index 1
    www.badsite.com/products 1
    182.63.44.67/index 1
Note: All changes made to the URL block list using the web-based manager are lost when you
upload a new list. However, you can download your current URL block list, add more items to it
using a text editor, and then upload the edited list to the FortiGate unit.
Note: URL blocking does not block access to other services that users can access with a web
browser. For example, URL blocking does not block access to ftp://ftp.badsite.com.
Instead, you can use firewall policies to deny FTP connections.