Web filter – Fortinet FortiGate

Browser cookie-based FortiGuard Web Filtering overrides

By using browser cookie-based FortiGuard Web Filtering overrides, you can identify users by their web browser cookie instead of their IP address and then use this identification to apply FortiGuard Web Filtering overrides to individual users.

This feature uses the dynamic profile feature to assign a web filter profile that includes FortiGuard Web Filtering to a communication session. Just like normal FortiGuard Web Filtering overrides, when FortiGuard Web Filtering blocks access to a web page, the user can authenticate to override FortiGuard Web Filtering. However, with browser cookie-based overrides enabled, the browser cookie is used to identify the user instead of the user’s IP address.

You can also go to Security Profiles > Web Filter > Configuration and configure the following browser cookie-based override settings.

Cookie (Browser Based) Override Configuration page

Provides settings for configuring the browser cookie-based override.

Override Validation Hostname   Enter the override validation hostname in the field.
Override Validation Port   Enter the port number in the field.

How browser cookie-based FortiGuard Web Filtering overrides work

The following steps occur when a user’s session that can use browser cookie-based FortiGuard Web Filtering overrides is received:

  1. The Dynamic Profile applies a profile to the user session in the normal way.
  2. The user issues a request to a remote site blocked by FortiGuard Web Filtering, for example http://www.example.com.
  3. FortiGuard Web Filtering blocks the page and provides an override link.
  4. The user selects the override option and successfully authenticates.
  5. The unit sends a cookie to the remote site that seems to come from the Override Validation Hostname.
  6. The unit creates a second cookie in the user’s browser for the domain of the remote site, for example example.com.

The rest of the communication between the user and the remote site is authorized with the unit by these cookies.

URL Filter

Allow or block access to specific URLs by adding them to the URL filter list. Add patterns using text and regular expressions (or wildcard characters) to allow or block URLs. The unit allows or blocks web pages matching any specified URLs or patterns and displays a replacement message.

You can add multiple URL filter lists and then select the best URL filter list for each profile.

You can add the following to block or exempt URLs:

  • complete URLs
  • IP addresses
  • partial URLs to allow or block all sub-domains

Each URL filter list can have up to 5000 entries.

URL filter configuration settings

The following are URL filter configuration settings in Security Profiles > Web Filter > URL Filter.

URL blocking does not block access to other services that users can access with a web browser. For example, URL blocking does not block access to ftp://ftp.example.com. Instead, use firewall policies to deny FTP connections.

URL Filter page

Lists each URL filter that you created. On this page, you can edit, delete or create a new URL filter.

Create New Creates a new URL filter list. When you select Create New, you are automatically redirected to the New List page. This page provides a name field and comment field. You must enter a name to go to the URL Filter Settings page.
Edit Modifies settings within a URL filter list. When you select Edit, you are automatically redirected to the URL Filter Settings page.
Delete Removes the URL filter list from the list on the URL Filter page. The Delete icon is only available if the URL filter list is not selected in any profiles.

To remove multiple URL filter lists from within the list, on the URL Filter page, in each of the rows of the URL filter lists you want removed, select the check box and then select Delete.

To remove all URL filter lists from the list, on the URL Filter page, select the check box in the check box column and then select Delete.

Name   The available URL filter lists.
# Entries   The number of URL patterns in each URL filter list.
MMS Profiles (FortiOS Carrier only)   The name of the MMS profile.
Comments   Optional description of each URL filter list.
Ref.   Displays the number of times the object is referenced by other objects. For example, if the av_1 profile is applied to a firewall policy, 1 appears in Ref. on the Profile page (Security Profiles > AntiVirus > Profiles).

To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object.

To view more information about how the object is being used, use one of the following icons that is available within the Object Usage window:

•      View the list page for these objects – automatically redirects you to the list page where the object is referenced.

•      Edit this object – opens the settings of the object in which this object is referenced. For example, if the av_1 profile is referenced in a firewall policy, selecting this icon redirects you to the Edit Policy page.

•      View the details for this object – a table, similar to the log viewer table, shows the settings configured in the object that references this object. For example, if the av_1 profile is referenced in a firewall policy, that firewall policy’s settings appear in the table.

URL Filter Settings page

Provides settings for configuring URLs that make up the URL filter, and also lists the URLs that you created. You are automatically redirected to this page from the New List Page. If you are editing a URL filter, you are automatically redirected to this page.

Name If you are editing an existing URL filter setting and want to change the name, enter a new name in this field. You must select OK to save the change.
Comments If you are editing an existing URL filter setting and want to change or add a description, enter the new text in this field. You must select OK to save these changes.
Create New Adds a URL address and filter settings to the list. When you select Create New, you are automatically redirected to the New URL Filter page.

Edit Modifies the settings within a URL filter.
Delete Removes an entry from the list.

To remove multiple URL filters from within the list, on the URL Filter Settings page, in each of the rows of the filters you want removed, select the check box and then select Delete.

To remove all URL filters from the list, on the URL Filter Settings page, select the check box in the check box column and then select Delete.

Enable Enables a filter in the list.
Disable Disables a filter in the list.
Move To Moves the URL to any position in the list. When you select Move To, the Move URL Filter window appears.

To move a URL, select the new position Before or After, which will place the current URL entry before or after the entry you enter in the (URL) field. For example, 1example.com is being moved after 3example.com, so 3example.com is entered in the (URL) field.

Remove All Entries Removes all filter entries within the list on the URL Filter Settings page.
Enable Indicates whether the URL is enabled or disabled. A green check mark indicates that the URL is enabled; a gray check mark indicates that the URL is disabled.
URL The URL address.
Action The type of action the unit will take when there is a match.
Type The type of URL. For example, the type of URL is Regex.

New URL Filter page

Provides settings for configuring a URL to add to the filter list.

URL Enter the URL.
Type Select a type from the drop-down list: Simple, Regex (regular expression), or Wildcard.
Action Select an action the unit will take.

•      Allow – any attempt to access a URL that matches a URL pattern with an allow action is permitted.

•      Exempt – similar to Pass in that it allows trusted traffic to bypass the antivirus proxy operations, but it functions slightly differently; ensure you are aware of the network topology involving URLs that you applied the Exemption action. Additional information about the Exempt action is found in the Security Profiles chapter of the FortiOS Handbook.

•      Block – attempts to access any URLs matching the URL pattern are denied; user is presented with a replacement message.

•      Pass – traffic to, and reply traffic from, sites that match a URL pattern with a pass action will bypass all antivirus proxy operations, including FortiGuard Web Filter, web content filter, web script filters, and antivirus scanning. Make sure you trust the content of any site you pass, otherwise there may be a security risk.

Enable Select to enable the URL. By default, the URL is enabled.
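As an added illustration (not Fortinet's code), the following Python models how an ordered URL filter list made of Simple, Regex and Wildcard entries is evaluated first-match, and how the Move To dialog changes which action wins. The matching rules for each type and the Entry, evaluate and move_to names are assumptions simplified from the descriptions on this page, not FortiOS's exact matcher.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

@dataclass
class Entry:
    url: str
    type: str      # "simple", "regex" or "wildcard"
    action: str    # "allow", "exempt", "block" or "pass"
    enabled: bool = True

def _matches(entry: Entry, requested: str) -> bool:
    parts = urlsplit(requested if "://" in requested else "http://" + requested)
    host, path = (parts.hostname or ""), (parts.path or "/")
    target = host + path                       # pattern is applied to host+path, scheme dropped
    if entry.type == "simple":
        # Assumed semantics: a partial URL matches the host and every sub-domain; an optional path part must be a prefix.
        pat_host, _, pat_path = entry.url.partition("/")
        host_ok = host == pat_host or host.endswith("." + pat_host)
        return host_ok and (not pat_path or path.startswith("/" + pat_path))
    if entry.type == "wildcard":
        # Each '*' matches any run of characters; everything else is literal.
        regex = "^" + ".*".join(re.escape(p) for p in entry.url.split("*")) + "$"
        return re.match(regex, target) is not None
    if entry.type == "regex":
        return re.search(entry.url, target) is not None
    raise ValueError(f"unknown entry type {entry.type!r}")

def evaluate(entries: List[Entry], requested: str) -> Optional[str]:
    """First enabled entry that matches wins; None means no URL filter entry applied."""
    for e in entries:
        if e.enabled and _matches(e, requested):
            return e.action
    return None

def move_to(entries: List[Entry], url: str, position: str, anchor_url: str) -> List[Entry]:
    """Model the Move To dialog: place entry `url` before/after the entry `anchor_url`."""
    moving = next(e for e in entries if e.url == url)
    rest = [e for e in entries if e is not moving]
    idx = next(i for i, e in enumerate(rest) if e.url == anchor_url)
    rest.insert(idx if position == "before" else idx + 1, moving)
    return rest

FILTER_LIST = [  # constructed sample: a narrow block placed above a broad exempt so the block wins
    Entry("intranet.example.com", "simple", "allow"),
    Entry("*.example.com/downloads/*", "wildcard", "block"),
    Entry("example.com", "simple", "exempt"),
    Entry(r"\.(exe|msi)$", "regex", "block"),
]
```

Moving the broad exempt entry above the downloads block (as Move To / Before would) makes downloads under example.com exempt, which is why entry order deserves a check whenever Exempt or Pass is used.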
