Created on 02-05-2008 12:00 AM Edited on 03-20-2024 07:00 AM By Jean-Philippe_P
Description
This article describes how to block HTTP URL access by IP address (for example, https://IP.IP.IP.IP/index.htm).
Scope
Tested in FortiOS 3.0 / 4.0.
This serves as an example only. REGEX Syntax has changed in newer (supported) versions, so these examples may not apply correctly.
Solution
To block a website using the IP, create a URL filter entry, using the additional information below.
Note that this is only effective with HTTP (or when applying a Deep Inspection profile in the policy).
Two URL filter entries need to be created: one to allow website names in different variants, and one to block access via IP.
The second filter blocks any IP address lookup.
To add the URL filter entries:
Enter the URL of [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} (format of 4 groups of up to 3 digits, delimited by dots).
Set the Type to Regex, set the Action to Block, and Select OK.
Position these at the end of the URL filter list so that any exemptions or blocks before that are still effective.
Both of these filter entries are required. If only the second one is entered, the FortiGate unit will also catch a lookup by URL, because both behave similarly once the URL is resolved to an IP. The first entry is needed to break out of the URL filter and allow the website, when the user entered text, before the second check is performed.
Note: Fortinet TAC support does not offer support for REGEX customization or formatting.
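The following added example (not Fortinet code and not part of the original article) models an ordered, first-match URL filter list to show what the article's regex matches and why the block entry is positioned last. The allow pattern, the anchored variant, the sample URLs and the search-anywhere, pass-on-no-match behaviour are assumptions made for illustration; verify them against the regex syntax of the FortiOS version in use.

```python
import re

# The block pattern exactly as given in the article (unanchored).
IP_PATTERN = r"[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"
# Assumed stricter variant: the dotted quad must be the whole host part.
ANCHORED_IP_PATTERN = r"^[0-9]{1,3}(\.[0-9]{1,3}){3}(:[0-9]+)?(/|$)"


def build_filter(block_pattern, allow_pattern=None):
    """Ordered filter list; the IP block entry is always placed last."""
    entries = []
    if allow_pattern is not None:
        entries.append((re.compile(allow_pattern), "allow"))
    entries.append((re.compile(block_pattern), "block"))
    return entries


def evaluate(entries, url):
    """Return the action of the first entry whose regex is found in the URL.

    Modelling assumptions: the URL is given without the scheme, a regex
    entry matches anywhere in the string (search, not full match), and a
    URL that matches no entry passes through the filter.
    """
    for regex, action in entries:
        if regex.search(url):
            return action
    return "pass"


# Constructed sample data; the allow pattern is hypothetical.
ALLOW_NAMES = r"^(www\.)?example\.com(/|$)"
SAMPLES = [
    "192.0.2.10/index.htm",                         # access by IP
    "www.example.com/index.htm",                    # access by name
    "www.example.com/mirror/10.1.2.3/file.htm",     # listed name, digits in path
    "docs.example.org/releases/1.2.3.4/notes.htm",  # unlisted name, digits in path
]

if __name__ == "__main__":
    for label, pattern in (("article", IP_PATTERN), ("anchored", ANCHORED_IP_PATTERN)):
        for allow in (None, ALLOW_NAMES):
            rules = build_filter(pattern, allow)
            print(label, "with allow entry" if allow else "block entry only")
            for url in SAMPLES:
                print(f"  {evaluate(rules, url):5}  {url}")
```

In this model the unanchored pattern also blocks named sites whose path contains a dotted quad unless an earlier allow entry matches first, which is the reason to keep the block entry at the end of the list.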