Fortinet 50A Configuring FortiGate Web pattern blocking

Web filtering URL blocking

FortiGate-50A Installation and Configuration Guide 237

Figure 38: Example URL block list text file

You can either create the URL block list or add a URL list created by a third-party URL

block or blacklist service. For example, you can download the squidGuard blacklists

available at http://www.squidguard.org/blacklist/ as a starting point for creating a URL

block list. Three times per week, the squidGuard robot searches the web for new

URLs to add to the blacklists. You can upload the squidGuard blacklists to the

FortiGate unit as a text file, with only minimal editing to remove comments at the top of

each list and to combine the lists that you want into a single file.

To upload a URL block list

1In a text editor, create the list of URLs and patterns that you want to block.

2Using the web-based manager, go to Web Filter > Web URL Block.

3Select Upload URL Block List .

4Type the path and filename of the URL block list text file, or select Browse and locate

the file.

5Select OK to upload the file to the FortiGate unit.

6Select Return to display the updated Web URL block list.

Each page of the Web URL block list displays 100 URLs.

7Use Page Down and Page Up to navigate through the Web URL block list.

8You can continue to maintain the Web URL block list by making changes to the text

file and uploading it again.

Configuring FortiGate Web pattern blocking

You can configure FortiGate web pattern blocking to block web pages that match a

URL pattern. Create URL patterns using regular expressions (for example,

badsite.* matches badsite.com, badsite.org, badsite.net and so on).

FortiGate web pattern blocking supports standard regular expressions. You can add

up to 20 patterns to the web pattern block list.

To add patterns to the Web pattern block list

1Go to Web Filter > URL Block > Web Pattern Block.

2Select New to add an item to the Web pattern block list.

3Type the web pattern that you want to block.

You can use standard regular expressions for web patterns.

www.badsite.com/index 1

www.badsite.com/products 1

182.63.44.67/index 1

Note: All changes made to the URL block list using the web-based manager are lost when you

upload a new list. However, you can download your current URL block list, add more items to it

using a text editor, and then upload the edited list to the FortiGate unit.

Note: URL blocking does not block access to other services that users can access with a web

browser. For example, URL blocking does not block access to ftp://ftp.badsite.com.

Instead, you can use firewall policies to deny FTP connections.