Created on 01-29-2010 06:20 AM Edited on 12-16-2021 02:44 PM By Anonymous
Description
Some URLs
defined in an International Domain Name (IDN*) format contain special characters such as : ñ , ü , ă , ù , á, î , ö , ý ...
IDNs are converted into an ASCII encoding (named PunyCode) by applications such as Web browsers or nslookup. The Punycode domain name is then sent over the network (DNS query, HTTP GET query, ...).
To perform Web URL filtering for such URLs, the FortiGate must be configured with the
Punycode domain name conversation.
(*) International domain name (IDN) is covered in the following RFCs : RFC3490, RFC3491, RFC3492 and RFC3454.
Solution
Some tools are available on Internet to convert IDN into ACE Punycode.
For example, the Punycode for www.mýdömáînnáme.com is www.xn--mdmnnme-jwac1kqdzd.com
This is a CLI configuration to perform Web URL filtering on www.mýdömáînnáme.com :
config webfilter urlfilter edit 1 set comment "PunyCode Filter" config entries edit "www.xn--mdmnnme-jwac1kqdzd.com" set action block next end set name "myURLFilter" next end |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.