Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmetzger
Staff
Staff

Created on ‎01-29-2010 06:20 AM Edited on ‎12-16-2021 02:44 PM By Anonymous

Article Id 190202

Technical Note : filtering URLs containing special characters - Punycode encoding - International Domain Name - UTF8

Description
Some URLs

defined in an International Domain Name (IDN*) format contain special characters such as : ñ , ü , ă , ù , á, î , ö , ý ...

IDNs are converted into an ASCII encoding (named PunyCode) by applications such as Web browsers or nslookup.  The Punycode domain name is then sent over the network (DNS query, HTTP GET query, ...).

To perform Web URL filtering for such URLs, the FortiGate must be configured with the

Punycode domain name conversation.

(*) International domain name (IDN) is covered in the following RFCs : RFC3490, RFC3491, RFC3492 and RFC3454.

Solution
Some tools are available on Internet to convert IDN into ACE Punycode.

For example, the Punycode for  www.mýdömáînnáme.com  is  www.xn--mdmnnme-jwac1kqdzd.com

This is a CLI configuration to perform Web URL filtering on  www.mýdömáînnáme.com :


config webfilter urlfilter
    edit 1
        set comment "PunyCode Filter"
            config entries
                edit "www.xn--mdmnnme-jwac1kqdzd.com"
                    set action block
                next
            end
        set name "myURLFilter"
    next
end




Labels:
2205
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.