Netscreen Malicious URL - how to?

From: Purl Gurl
Date: 05/22/04

Date: Sat, 22 May 2004 09:41:28 -0700

I am having difficulties setting a user defined
malicious url entry for a Netscreen 5 series
firewall appliance.

No problems making the entries, have some working
just fine, or seems so. However, I am having problems
with a URL which contains a tilde ~ in the URL address.

An example "pretend" firewall entry,


My firewall would show an entry,

User defined URL Protection: On
    id: TEST, pattern: GET /~USERNAME/SOMEPAGE.HTML, length: 28

I have also tried this with URL encoded %7e to replace the tilde,

User defined URL Protection: On
    id: TEST, pattern: GET /~USERNAME/SOMEPAGE.HTML, length: 28
    id: TEST2, pattern: GET /%7EUSERNAME/SOMEPAGE.HTML, length: 30

Anyone have any thoughts on why Netscreen cannot capture
those pattern matches? Is it the ~ tilde causing problems?

Those entries do work for both inbound and outbound, correct?
There are no notes on this inbound versus outbound. In other words,
if somebody out on the internet requests that specific URL
on our server, it would be blocked? Does this need to be
linked to the "untrusted" side policy?

I have tested those types of entries by connecting to an
external proxy server then coming back into our server.
Darn if I don't pass right on through!

All comments, regardless of how seemingly unimportant,
are greatly appreciated. I have been researching this
for several weeks and cannot turn up a single reference
source which addresses this _specific_ problem. I have
tons of PDF files for Netscreen, have spent hours going
through them, but nada! Netscreen, which is now another
company, no longer offers support for older products.

Your input is greatly valued!


Purl Gurl
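
An added example, not part of the original post: a small audit script that checks the two patterns from the listing above against constructed request lines, first with a byte-for-byte prefix compare and then after RFC 3986 normalization. The byte-for-byte model is an assumption made for illustration; the post does not say how the Netscreen performs its match, and the function names and sample lines are hypothetical.

```python
import re

# Patterns copied from the post's firewall listing (id -> pattern).
PATTERNS = {
    "TEST": "GET /~USERNAME/SOMEPAGE.HTML",
    "TEST2": "GET /%7EUSERNAME/SOMEPAGE.HTML",
}

# RFC 3986 "unreserved" characters: escaping them never changes the resource.
UNRESERVED = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def normalize(request_line):
    """RFC 3986 section 6.2.2: decode escapes of unreserved characters and
    upper-case the hex digits of every escape that has to stay encoded."""
    def fix(m):
        ch = chr(int(m.group(1), 16))
        return ch if ch in UNRESERVED else "%" + m.group(1).upper()
    return _PCT.sub(fix, request_line)


def literal_hits(request_line):
    """Assumed filter model: byte-for-byte prefix compare, no decoding."""
    return [pid for pid, pat in PATTERNS.items() if request_line.startswith(pat)]


def normalized_hits(request_line):
    """Same prefix compare after normalizing both request and pattern."""
    line = normalize(request_line)
    return [pid for pid, pat in PATTERNS.items()
            if line.startswith(normalize(pat))]


# Constructed request lines; all three name the same resource.
SAMPLES = [
    "GET /~USERNAME/SOMEPAGE.HTML HTTP/1.0",
    "GET /%7EUSERNAME/SOMEPAGE.HTML HTTP/1.0",
    "GET /%7eUSERNAME/SOMEPAGE.HTML HTTP/1.0",
]

if __name__ == "__main__":
    for pid, pat in PATTERNS.items():
        print(f"{pid}: length {len(pat)}")  # compare with the listing's length field
    for s in SAMPLES:
        print(f"{literal_hits(s)!s:20} {normalized_hits(s)!s:20} {s}")
```

Path case is left untouched here, since whether `SOMEPAGE.HTML` and `somepage.html` are the same resource depends on the web server behind the firewall.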

