FortiGate
Article Id 195889

Description

 

This article describes how to block HTTP URL access by IP address (for example https://IP.IP.IP.IP/index.htm).

 

Scope

 

Tested in FortiOS 3.0 / 4.0.

This serves as an example only. REGEX Syntax has changed in newer (supported) versions, so these examples may not apply correctly.

 

Solution

 

To block access to a website by its IP address, create URL filter entries using the information below.

Note that this is only effective with HTTP (or when applying a Deep Inspection profile in the policy).

Two URL filter entries need to be created: one to allow website names in different variants, and one to block access via IP.

The second filter blocks any IP address lookup.

 

To add the URL filter entries:

  1. Allow name with text: select Create New to add a filter group.
    Select Create New for a new filter. Enter the URL of ^([a-z0-9-]+\.){1,}[a-z]+
    Set the Type to Regex, set the Action to Allow, and select OK to apply.

  2. Block any site by IP: select Create New.
    Enter the URL of [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} (format of 4 groups of up to 3 digits, delimited by dots).
    Set the Type to Regex, set the Action to Block, and select OK.


Position these at the end of the URL filter list so that any exemptions or blocks before that are still effective.

Both of these filter entries are required. If only the second one is entered, the FortiGate unit will also catch a URL lookup by name, because both behave similarly after the URL is resolved to an IP. The first entry is needed to break out of the URL filter and allow the website, when text was entered, before the second check is performed.
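The ordering of the two entries can be checked offline before they are added to the filter list. This is an added example, not from the original article or from Fortinet: it assumes Python's `re` module as a stand-in for the FortiOS regex engine, first-match-wins evaluation, and that the filter sees host plus path without the scheme; the `evaluate` and `report` helpers and the sample URLs are constructed.

```python
import re

# The two URL filter entries from the article, in list order.
# Assumption: Python's re engine stands in for the FortiOS regex engine,
# and the first matching entry decides the action.
ENTRIES = [
    ("allow", re.compile(r"^([a-z0-9-]+\.){1,}[a-z]+")),
    ("block", re.compile(r"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")),
]

# Constructed sample URLs; 192.0.2.0/24 is a documentation address range.
SAMPLES = [
    "http://www.example.com/index.htm",
    "https://192.0.2.10/index.htm",
    "http://192.0.2.10:8080/",
    "http://example.com/files/192.0.2.10/readme",
    "http://localhost/",
]


def evaluate(url, entries=ENTRIES):
    """Return the action of the first entry that matches, else 'no-match'."""
    # Assumption: the filter sees lower-case host + path without the scheme.
    target = re.sub(r"^[a-z]+://", "", url.lower())
    for action, pattern in entries:
        if pattern.search(target):
            return action
    return "no-match"


def report(entries=ENTRIES):
    """Map every sample URL to the action the given entry list yields."""
    return {url: evaluate(url, entries) for url in SAMPLES}


if __name__ == "__main__":
    both, block_only = report(), report(ENTRIES[1:])
    print(f"{'URL':45} {'both entries':13} block entry only")
    for url in SAMPLES:
        print(f"{url:45} {both[url]:13} {block_only[url]}")
```

In this simulation a host-name URL whose path contains a dotted quad is blocked when only the second entry is present, which is the case the allow entry placed ahead of it prevents.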

 

Note: Fortinet TAC support does not offer support for REGEX customization or formatting.