SRX

Hi all

When configuring the local web URL filter on the SRX is it compulsory to have a blackllist or could you have a whitelist with the URL(s) you wish to permit then next utilise the default action of block to deny everything else?

This may seem like a daft question but I tried this the other day on a vSRX and it appeared that everything was permitted regardless of the requested URL. Thinking I may have missed something, a quirk perhaps of how this is supposed to work.

Thank you.
#blacklist
#Webfilter
#whitelist
#Urlfilter

Your understanding is correct. Just configure white list to allow the specific URLS you want to allow and configure default block to block everything else.

root@srx> show configuration security utm
custom-objects {
url-pattern {
url1 {
value www.google.com;
}
}
custom-url-category {
Google {
value [ url1];
}
}
}
feature-profile {
web-filtering {
url-whitelist Google;
type juniper-local;
juniper-local {
profile Test {
default block;
}
}
}
}

root@srx >

https://www.juniper.net/documentation/en_US/junos/topics/example/utm-web-filtering-local-custom-object-configuring-cli.html

Thank you Suraj

I'll try again tomorrow once more and hopefully get it to work this time. I either misconfigured or didn't test properly last time. I'll update this thread after.

Hi Suraj

I realised I had configured the 'default block' command under the 'fallback-settings' and not directly under the 'juniper-local' profile itself. Now that I've done that it works as intended.

 

Thank you.

Hello ,

 

refering to this KB iam unable to create categroy in juniper local profile under web filter . as per KB category can be defind in profile itself . please help

 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-utm-local-web-filtering.html