FortiGate
spathak
Staff
Article Id 192122

Description
This article explains how to use static URL filtering without a FortiGuard Web Filter license.

Solution
Use static URL filter entries instead of category-based blocking, which relies on FortiGuard.

Granular control over HTTPS websites is not possible without SSL inspection, but it is possible to block the URL domain as a whole.

Be cautious: an incorrectly written entry can block legitimate sites.
It is possible to define a wildcard entry that blocks and then add entries for the sites to allow, or vice versa.

Example.

Go to Security Profiles -> Web Filter
Select a web filter to edit.
Under Static URL Filter, enable URL Filter, and select Create New.


Enter the URL without the “http” prefix. This URL is not checked by FortiGuard, which is why the static URL filter can be used without a Web Filter license.
Select a Type: Wildcard, Simple, or Regex.
Select the Action to take against matching URLs: Exempt, Allow, or Block.
Select Enable.
Select OK.


The syntax in the CLI for configuring an entry is:

config webfilter urlfilter
    edit <ID>
        config entries
            edit 1
                set url <url>
                set referrer-host <url>
                set type {simple | regex | wildcard}
                set action {block | allow | monitor | exempt}
                set status {enable | disable}
            next
        end
    next
end


Then apply the same web filter profile to the IPv4 policy.
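
The wildcard-block-plus-allow pattern and the profile and policy binding described above, written out end to end in the CLI as an added example (not part of the original article). Table ID 10, the names static-allowlist and static-url-only, and the example.com / example.org hosts are constructed for illustration; <policy-ID> is a placeholder for the existing IPv4 policy, and certificate-inspection is the default SSL profile that inspects only the certificate/SNI, matching the domain-level HTTPS blocking described earlier.

```fortios
config webfilter urlfilter
    edit 10
        set name "static-allowlist"
        config entries
            edit 1
                set url "example.com"
                set type simple
                set action allow
                set status enable
            next
            edit 2
                set url "*.example.org"
                set type wildcard
                set action allow
                set status enable
            next
            edit 3
                set url "*"
                set type wildcard
                set action block
                set status enable
            next
        end
    next
end
config webfilter profile
    edit "static-url-only"
        config web
            set urlfilter-table 10
        end
    next
end
config firewall policy
    edit <policy-ID>
        set utm-status enable
        set webfilter-profile "static-url-only"
        set ssl-ssl-profile "certificate-inspection"
    next
end
```

Entries are evaluated from top to bottom, so the catch-all block in entry 3 must stay last; placed above the allow entries it would block every site, including the ones meant to be permitted.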
