Steps for url blocking without license for http traffic:
1. Create URL pattern (eg: youtube-block, url, Fb1)
set security utm custom-objects url-pattern youtube-block value "http://www.youtube.com/watch?v=n3sYq4Y9hIQ"
set security utm custom-objects url-pattern url value "http://www.youtube.com/watch?v=LX0Ced3G5eg"
set security utm custom-objects url-pattern Fb1 value "http://www.facebook.com/rajesh.achari.75?sk=wall"
set security utm custom-objects url-pattern Fb1 value http://www.facebook.com/king.rajesh.921
set security utm custom-objects url-pattern Fb1 value "https://www.facebook.com/king.rajesh.921?fref=ts"
set security utm custom-objects url-pattern Fb1 value "http://www.facebook.com/jaihomullichodbaba?ref=profile"
set security utm custom-objects url-pattern Fb1 value "http://www.facebook.com/manoj.kaushal.7121?fref=ts"
2. Add the url (youtube-block, url, Fb1) to category-list (youtube-block-custom)
set security utm custom-objects custom-url-category youtube-block-custom value youtube-block
set security utm custom-objects custom-url-category youtube-block-custom value url
set security utm custom-objects custom-url-category youtube-block-custom value Fb1
3. Call youtube-block-custom list to blacklist:
set security utm feature-profile web-filtering url-blacklist youtube-block-custom
4. Define web-filtering type as juniper-local (it will check its local database for urls, since we are not using any web-filtering license)
set security utm feature-profile web-filtering type juniper-local
5. Create utm-policy (eg; web-block)
set security utm utm-policy web-block web-filtering http-profile junos-wf-local-default
set security utm utm-policy web-block traffic-options sessions-per-client over-limit log-and-permit
6. Apply it in security policy (for source-address 203.129.209.9)
set security policies from-zone Trust-Customer-LAN to-zone Untrust-WAN policy test-policy match source-address 203.129.209.9
set security policies from-zone Trust-Customer-LAN to-zone Untrust-WAN policy test-policy match destination-address any
set security policies from-zone Trust-Customer-LAN to-zone Untrust-WAN policy test-policy match application any
set security policies from-zone Trust-Customer-LAN to-zone Untrust-WAN policy test-policy then permit application-servicesutm-policy web-block