Configuring web filter profiles with Hebrew domain names
Domain name URLs in web filter profiles can be configured with non-ASCII characters, such as Hebrew. Any domain name configured in non-ASCII characters is encoded into Punycode, and the Punycode form is then matched against the domain name in the HTTP request for URL filtering.
In the following example, a Hebrew URL (איגוד-האינטרנט.ישראל) is blocked by a static URL filter. The URL translates to:
- xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce in Punycode
- en.isoc.org.il in English
To configure the web filter profile in the GUI:
- Go to Security Profiles > Web Filter and click Create New.
- Enter a profile Name.
- In the Static URL Filter section, enable URL Filter and click Create New.
- Enter the Hebrew URL and set the Action to Block. The URL can be entered in Hebrew.
- Click OK to save the filter. The URL appears in Hebrew in the URL filter table.
- Click OK to save the web filter profile.
- Edit the web filter profile. The URL in the table has been converted by the FortiGate into Punycode.

In the CLI, Punycode must be used to configure the Hebrew URL.
To configure the web filter profile in the CLI:
config webfilter urlfilter
    edit 1
        set name "Auto-webfilter-urlfilter_0wedo5f1c"
        config entries
            edit 1
                set url "xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce"
                set action block
            next
        end
    next
end
To verify the configuration:
- From a client, access the Hebrew URL over HTTPS. The website is blocked by the FortiGate.
- The content of the replacement message displayed in the browser depends on the inspection mode.
  - In flow mode (current configuration), the URL is displayed in Hebrew.
  - In proxy mode, the URL is displayed in Punycode.
To verify the logs:
- Go to Log & Report > Security Events and select the Web Filter card.
- Select a log and click Details. The format of the Hostname and URL fields depends on the inspection mode.
  - In flow mode, the Hostname is displayed in Punycode with Hebrew in parentheses. The URL is displayed in Punycode.
When the log file is downloaded, the hostname in the raw file cannot be displayed. Paste the log into a text editor (such as Word or Notepad) to view the URL in Hebrew.
# execute log display
2 logs found.
2 logs returned.

1: date=2023-03-20 time=09:43:57 eventtime=1679330638045179264 tz="-0700" logid="0315012544" type="utm" subtype="webfilter" eventtype="urlfilter" level="warning" vd="vdom1" urlfilteridx=10 urlfilterlist="Hebrew-url" policyid=1 poluuid="d0c84854-c736-51ed-d761-71527ca0b446" policytype="policy" sessionid=6987 srcip=10.1.100.125 srcport=54542 srccountry="Reserved" srcintf="port2" srcintfrole="undefined" srcuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" dstip=172.67.148.48 dstport=443 dstcountry="United States" dstintf="port1" dstintfrole="undefined" dstuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" proto=6 httpmethod="GET" service="HTTPS" hostname="איגוד-האינטרנט.ישראל" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" profile="webfilter_flowbase" action="blocked" reqtype="referral" url="https://איגוד-האינטרנט.ישראל/favicon.ico" referralurl="https://xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce/" sentbyte=496 rcvdbyte=0 direction="outgoing" urlsource="Local URLfilter Block" msg="URL was blocked because it is in the URL filter list" crscore=30 craction=8 crlevel="high"

2: date=2023-03-20 time=09:43:57 eventtime=1679330637755477060 tz="-0700" logid="0315012544" type="utm" subtype="webfilter" eventtype="urlfilter" level="warning" vd="vdom1" urlfilteridx=10 urlfilterlist="Hebrew-url" policyid=1 poluuid="d0c84854-c736-51ed-d761-71527ca0b446" policytype="policy" sessionid=6982 srcip=10.1.100.125 srcport=54540 srccountry="Reserved" srcintf="port2" srcintfrole="undefined" srcuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" dstip=172.67.148.48 dstport=443 dstcountry="United States" dstintf="port1" dstintfrole="undefined" dstuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" proto=6 httpmethod="GET" service="HTTPS" hostname="איגוד-האינטרנט.ישראל" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" profile="webfilter_flowbase" action="blocked" reqtype="direct" url="https://איגוד-האינטרנט.ישראל/" sentbyte=546 rcvdbyte=0 direction="outgoing" urlsource="Local URLfilter Block" msg="URL was blocked because it is in the URL filter list" crscore=30 craction=8 crlevel="high"
  - In proxy mode, the Hostname is displayed in Hebrew with Punycode in parentheses. The URL is displayed in Punycode.
When the log file is downloaded, the hostname in the raw file is displayed in Punycode.
# execute log display
2 logs found.
2 logs returned.

1: date=2023-03-20 time=09:38:44 eventtime=1679330324572766407 tz="-0700" logid="0315012544" type="utm" subtype="webfilter" eventtype="urlfilter" level="warning" vd="vdom1" urlfilteridx=1 urlfilterlist="Hebrew-url" policyid=1 poluuid="d0c84854-c736-51ed-d761-71527ca0b446" policytype="policy" sessionid=6782 srcip=10.1.100.125 srcport=50527 srccountry="Reserved" srcintf="port2" srcintfrole="undefined" srcuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" dstip=104.21.55.132 dstport=443 dstcountry="United States" dstintf="port1" dstintfrole="undefined" dstuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" proto=6 httpmethod="GET" service="HTTPS" hostname="xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" profile="webfilter" action="blocked" reqtype="referral" url="https://xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce/favicon.ico" referralurl="https://xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce/" sentbyte=1402 rcvdbyte=5473 direction="outgoing" urlsource="Local URLfilter Block" msg="URL was blocked because it is in the URL filter list" crscore=30 craction=8 crlevel="high"

2: date=2023-03-20 time=09:38:44 eventtime=1679330324438504542 tz="-0700" logid="0315012544" type="utm" subtype="webfilter" eventtype="urlfilter" level="warning" vd="vdom1" urlfilteridx=1 urlfilterlist="Hebrew-url" policyid=1 poluuid="d0c84854-c736-51ed-d761-71527ca0b446" policytype="policy" sessionid=6782 srcip=10.1.100.125 srcport=50527 srccountry="Reserved" srcintf="port2" srcintfrole="undefined" srcuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" dstip=104.21.55.132 dstport=443 dstcountry="United States" dstintf="port1" dstintfrole="undefined" dstuuid="4074dca4-c736-51ed-0e0e-7a6b5ec6b7b9" proto=6 httpmethod="GET" service="HTTPS" hostname="xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" profile="webfilter" action="blocked" reqtype="direct" url="https://xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce/" sentbyte=1171 rcvdbyte=4930 direction="outgoing" urlsource="Local URLfilter Block" msg="URL was blocked because it is in the URL filter list" crscore=30 craction=8 crlevel="high"

If a FortiGuard category-based filter is configured in a web filter profile, the same behavior for replacement messages and logs applies based on the inspection mode.
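
Because the raw hostname field is Hebrew in the flow-mode logs above and Punycode in the proxy-mode logs, a log search for only one form misses the other. The following added example (not from the original page or from Fortinet) normalizes the hostname to Punycode with Python's built-in IDNA codec before matching; the sample lines are constructed subsets of the logs above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Punycode (A-label) form of the blocked domain, as given on the page.
BLOCKED = "xn----zhcbgfhe2aacg8fb5i.xn--4dbrk0ce"
# Unicode (Hebrew) form, derived with Python's built-in IDNA codec.
BLOCKED_UNICODE = BLOCKED.encode("ascii").decode("idna")

# Constructed sample lines: a subset of the fields in the page's logs.
SAMPLE_LOGS = [
    # Flow mode: the raw hostname is in Hebrew.
    f'date=2023-03-20 time=09:43:57 subtype="webfilter" profile="webfilter_flowbase" '
    f'hostname="{BLOCKED_UNICODE}" action="blocked" url="https://{BLOCKED_UNICODE}/"',
    # Proxy mode: the raw hostname is in Punycode.
    f'date=2023-03-20 time=09:38:44 subtype="webfilter" profile="webfilter" '
    f'hostname="{BLOCKED}" action="blocked" url="https://{BLOCKED}/"',
]

# key=value pairs; quoted values may contain spaces (for example, agent).
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fields(line):
    """Split a key=value log line into a dict, unquoting quoted values."""
    return {k: (q if raw.startswith('"') else raw)
            for k, raw, q in FIELD_RE.findall(line)}

def to_alabel(hostname):
    """Return the lower-case Punycode form, or None if the name is not valid IDNA."""
    try:
        return hostname.strip().rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None

def blocked_hits(lines, blocked=BLOCKED):
    """Count hits on the blocked domain per profile, in either hostname encoding."""
    hits = Counter()
    for line in lines:
        fields = parse_fields(line)
        if to_alabel(fields.get("hostname", "")) == blocked:
            hits[fields.get("profile", "?")] += 1
    return dict(hits)

if __name__ == "__main__":
    print(blocked_hits(SAMPLE_LOGS))
```

Python's built-in `idna` codec implements IDNA 2003, which is sufficient for this domain; other names may encode differently under IDNA 2008.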