Apologies if this has been asked for - I tried to look but couldn't find the same
There's some info on the below mentioned thread but I still couldn't find my answer
I have no experience with url/web filtering and need to know if I need to purchase a license for the below scnario or not
We have a customer who will be providing a list of close to 30k URLs they need blocked
Need to filter only those and nothing else needed. Might need to block those and redirect to a customer page.
URLs could have http, https etc.
Do I need a license for it?
Also, is there a limit to maximum no. of URLs I can mention/defined manually in SRX
Any way to directly upload the list to device?
Models being used
SRX3400 and SRX4600
You don't need a subscription license to do local blacklists.
From what I can see, there is no redirect option when a url/IP is blocked - only a custom message. A brief example:
set security utm custom-objects url-pattern BLOCKED-URLS value http://*.bad.site
set security utm custom-objects custom-url-category BLACKLISTED-SITES value BLOCKED-URLS
set security utm feature-profile web-filtering url-blacklist BLACKLISTED-SITES
set security utm feature-profile web-filtering type juniper-local
set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE default permit
set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE custom-block-message "Access Prohibited"
set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE fallback-settings default block
set security utm feature-profile web-filtering juniper-local profile BLOCK-SITE fallback-settings too-many-requests block
set security utm utm-policy UTM-POC web-filtering http-profile BLOCK-SITE
Also remember that this block message will only show on http connections. Https will not work as it won't give a functional https with the correct hostname.
You can still block both http and https site in the list.
You can modify the custom-list via netconf og similar.... there are many automation possibilities with Junos.
Please see below link for info on licensing: