Current Zscaler guidelines indicate URLs should have the host.domain format. We’ve identified some subdomains that are common in AiTM attacks and want to block URLs based of those keyword(s) strings. Is it possible filter URLs based on keywords only? Thanks.
So, yes, sort of. You can create a custom category that leverages Keywords in the URL. You can’t exactly limit it to a subdomain though so be careful how/where you use it.
Thanks Matt. I did some testing and that is working. Thanks.
Follow up question?? Is it possible to filter using a keyword AND the ‘Newly Registered and Observed Domains’ URL cat? Example would be if URL contains keyword AND is categorized as ‘Newly Registered and Observed Domains’ URL cat. Thanks.