Webfilter whitelist IP range

Question

I need some help with a filter action, everything is blocked by default and I would like to allow an IP range / 104.199.64.0/24 and 104.199.65.0/24 /. I tried this regex ^https?://104\.199\.65\d+.* but it's not working, I see the block in the log. Thanks in advance

This thread was automatically locked due to age.

DouglasFoster · Accepted Answer

On the contrary. Did not mean to make you despair. 
 If you are using an explicit IP address as your URL, that is what Web Filter will evaluate. Many times, people want to block a DNS name using an IP address rule, and that is what does not work. 
 Your regex looks fine. A partial match should also work, so you could trim it to ^https?://104\.199\.65\d+ or ^https?://104\.199\.65 
 Regex works, so something else is going on. Check the logs to see if your traffic is really going through the Filter_Profile-Policy-Filter_Action sequence that has the exception. Filter Action is not in the logs, because it is determined by policy. 
 But the transparent mode destination skip list will also work, as long as Transparent Mode is what you are using. With Standard Mode, you need to exclude the IP URLs from the proxy script, then exclude it again with the Transparent Mode Skip List. Then the Firewall Rules can allow it to pass. 
 Note that if the skip list is used, the traffic is logged in the Firewall log rather than the webfilter log.

DouglasFoster · Answer

webfiltering is based on URL, not on I.P. You need to whitelust the FQDNs as well, or more likely, instead of the IP address. 
 In the web world, host names determine behavior, so host nanes drive tbe filtering logic.