Advanced URL Filtering
URL Categories
Table of Contents
URL Categories
Learn about the foundational role of URL categories in URL filtering, and explore the
complete list of PAN-DB URL filtering categories.
| Where can I use this? | What do I need? |
|---|---|
|
This feature has no prerequisites.
|
Palo Alto Networks categorizes websites based on website content, features, and safety.
The main consideration in categorization is site content. PAN-DB, Palo Alto Networks URL
database is the authoritative source for URL classification. Whenever a user requests a
URL, the firewall compares the URL to entries in PAN-DB. The firewall performs local
lookups and only queries the cloud when necessary. New and unknown websites undergo
real-time analysis by machine learning models. WildFire® data, threat research from Unit 42, automated
classification engines, and other sources ensure PAN-DB stays accurate and up to date.
For more information, see How Advanced URL Filtering Works.
PAN-DB assigns up to four predefined URL categories to websites, including
risk
categories when applicable. URL categories enable category-based filtering of
web traffic and granular policy rule creation. Beyond blocking or allowing entire groups
of websites, you can use URL categories to define user- or group-based policy rules and
create exceptions to URL category enforcement. URL categories also support features like
Safe Search Enforcement. You can also use URL
categories as match conditions for Security, QoS, Decryption, and Authentication policy
rules. This enables you to apply controls to selective traffic. (See URL Filtering Use Cases for more examples.)
Considerations:
- When a URL matches multiple categories, the category with the most strict URL Filtering profile action is enforced. From most to least strict, the actions are block, override, continue, alert, and allow.
- PAN-DB evaluates URLs against custom URL categories before checking external dynamic lists and predefined URL categories to decide which policy rule to enforce. When multiple Security policy rules or profiles include the same URL category (custom or predefined), the firewall enforces the rule with the strictest URL Filtering profile or policy rule action for matching traffic.
URL Category Lookup and Change Request
To check the categories of a specific URL, enter the URL into Test A Site, Palo Alto Networks URL lookup engine.
If you believe a URL has been incorrectly categorized, submit a URL category change request.
URL category change requests aren't supported for the following categories. Palo
Alto Networks strictly maintains these categories as they are either
system-defined, dynamically assigned, or not content-based.
- real-time-detection
- insufficient-content
- newly-registered-domain
- encrypted-dns
- scanning-activity
- risk categories—high-risk, medium-risk, low-risk
- private-ip-addresses
- unknown
Custom URL Categories
Some requirements can't be met by blocking or allowing entire categories. You can
define custom URL categories to
fine-tune website access rules and create exceptions to URL category enforcement.
Custom URL categories can either be a list of URLs (URL List
type) or a combination of predefined categories (Category
Match).
- The URL List type functions as a block or allow list. You can specify websites to treat independently from their assigned categories. For example, you can block the social networking category while allowing access to a specific social networking website. To specify multiple domains or URLs in a single entry, use wildcards. Wildcard usage is explained in Guidelines for URL Category Exceptions.
- The Category Match type enables multicategory filtering. You can monitor and control access to websites that match multiple categories. Rules for custom URL categories take precedence over rules for predefined URL categories. For example, you might want to alert on URLs that are both unknown and high-risk while blocking all other high-risk sites. To do this, define a custom URL category combining the unknown and high-risk categories, set the custom category to alert in a URL Filtering profile, and then apply that profile to the appropriate Security policy rules.
Predefined URL Categories
In predefined URL Filtering profiles (default or best-practice), each URL category
has a default action assigned to it. These default actions
reflect security experts' recommendations for the safest browsing experience. When
you create a new URL Filtering profile, each URL category has an initial default
action of allow. Configure each URL category in these
profiles according to your organization's requirements before attaching the profile
to policy rules.
To help you set the appropriate action for new categories, content notices
summarizing new categories, their default actions in predefined profiles, and
recommendations, are sent out in advance of category activation.
We also recommend reviewing the actions configured for categories in the following
classes due to the productivity, safety, and regulatory concerns they raise:
- Known Threats includes URLs confirmed to be malicious or observed exhibiting exploitative behavior. These sites pose immediate risks to network security and do not receive a risk rating.
- Potential Threats includes URLs that may not be inherently malicious but can be used for harmful purposes or require further analysis.
- Legal Liability includes URLs whose content may be subject to laws, regulations, or company policies.
Configure an alert for URL categories that you aren't sure
how to handle. Default or recommended actions may be too restrictive and prevent
the availability of websites that serve legitimate purposes. The 'alert' action
generates URL filtering logs that you can review to determine if you should
update site access, create URL category exceptions, or implement user-based
exceptions.
The following table alphabetically lists each predefined category along
with descriptions and recommended URL Filtering profile actions. The security-focused categories (high-risk, medium-risk, and low-risk) are
covered separately due to their unique characteristics.
|
URL Category
|
Description
|
|---|---|
|
Abortion
|
Sites that pertain to information or groups in favor of or
against abortion, detail regarding abortion procedures, help
or support forums for or against abortion, or sites that
provide information regarding the consequences or effects of
pursuing (or not) an abortion.
Recommended URL Filtering Action: Alert
|
|
Abused Drugs
|
Sites that promote the abuse of both legal and illegal drugs,
the use and sale of drug-related paraphernalia, or the
manufacturing or selling of drugs.
Recommended URL Filtering Action: Block
|
|
Adult
|
Sites with any sexually explicit material, media (including
language, games, or comics), art, or products, online groups
or forums that are sexually explicit in nature, and sites
that promote adult services, such as video or telephone
conferencing, escort services, and strip clubs.
Recommended URL Filtering Action: Block
|
|
Alcohol and Tobacco
|
Sites that pertain to the sale, manufacturing, or use of
alcohol or tobacco products, and related paraphernalia.
Includes sites related to electronic cigarettes.
Recommended URL Filtering Action: Alert
|
|
Artificial Intelligence
Websites that use machine learning and deep learning models,
including large language models, to provide services that
typically require human intelligence. The services provided
include but are not limited to chatbot, productivity,
summarizer, transcriber, no-code, and audio or video
editing-related services. Emphasis is given to websites
hosting the actual AI service, not informational AI
content.
Websites whose primary business is not actual AI service but
use AI to support their main offering (for example,
real-estate platforms with AI-generated descriptions or
AI-powered travel sites are not part of this category).
You can use this broader category to
apply policy rules to the following AI subcategories
collectively. Recommended URL Filtering Action: Alert
| |
| AI Code Assistant |
Sites that provide services to assist with code writing,
optimization, and generation using artificial intelligence.
This may include platforms that support code completion, bug
detection, and code suggestions.
Recommended URL Filtering Action: Block
|
| AI Conversational Assistant |
AI-driven conversational assistants that utilize natural
language processing (NLP) and machine learning to facilitate
human-like interactions. These assistants are designed to
support a wide range of tasks through conversational
interfaces, typically accepting text and files as input and
are designed to provide contextual, interactive support.
Recommended URL Filtering Action: Block
|
| AI Data and Workflow Optimizer |
Data optimization sites that utilize artificial intelligence
to provide functionalities such as automated data cleaning,
transformation, and analysis, as well as streamlining and
managing repetitive workflow tasks to improve efficiency and
productivity.
Recommended URL Filtering Action: Block
|
| AI Meeting Assistant |
Sites that leverage artificial intelligence to provide
meeting assistance services, including summarizing key
points, highlighting action items, and generating follow-up
task lists.
Recommended URL Filtering Action: Block
|
| AI Media Service |
Sites that utilize artificial intelligence and machine
learning to generate, manipulate, edit, and detect various
forms of AI-generated media, including images, voice, music,
videos, ads, QR codes, AI headshots, and AI avatars, based
on text prompts or input images. Sites that use GenAI to
generate adult content, including images and videos, will
not be categorized under AI-media. Instead, they are covered
under the ‘Adult’ category.
Recommended URL Filtering Action: Alert
|
| AI Platform Service |
Sites that provide comprehensive tools and services for GenAI
application development, including chatbot creation, model
training, deployment, and optimization, as well as access to
pre-trained models and code libraries. These platforms
streamline the development process, facilitate
collaboration, and enable developers to focus on core
application logic without managing infrastructure or
building models from scratch.
Recommended URL Filtering Action: Block
|
| AI Website Generator |
Sites that leverage artificial intelligence for creating
websites based on user input and preferences include
generating content, layout design, and building code for the
websites. The category doesn't include sites that lack AI
functionalities and rely solely on pre-built templates or
manual design tools.
Recommended URL Filtering Action: Alert
|
| AI Writing Assistant |
Sites that leverage artificial intelligence and machine
learning to enhance productivity by providing text-based
content generation capabilities across industries such as
marketing, eCommerce, SEO, and education. These platforms
improve efficiency and streamline tasks like SEO-optimized
writing, customer service and prompt generation, while also
supporting a broad range of content creation needs from
creative writing and academic assistance to marketing and
customer review management. Language translation services
are not part of this category; such sites are covered under
the ‘Translation’ category.
Recommended URL Filtering Action: Block
|
|
Auctions
|
Sites that promote the sale of goods between individuals.
Auctions with donation purposes are
categorized as 'Society'. Recommended URL Filtering Action: Alert
|
|
Business and Economy
|
Sites with content related to marketing, management,
economics, entrepreneurship, or running a business. Includes
sites for advertising and marketing firms, shipping services
such as fedex.com, internet service providers (ISPs), and
conferences*.
Recommended URL Filtering Action: Alert
|
|
Command and Control
|
Command-and-control (C2) URLs and domains used by malware or
compromised systems to surreptitiously communicate with an
attacker's remote server to receive malicious commands or
exfiltrate data.
Recommended URL Filtering Action: Block
|
| Compromised Website |
Benign or legitimate sites that have been hacked or infected
with content such as malicious scripts, viruses, trojans, or
executables.
Recommended URL Filtering Action: Block
|
|
Computer and Internet Info
|
Sites that provide general information about computers and
the internet. Including sites about computer science,
engineering, hardware, software, security, programming,
etc.
Programming may have some overlap
with the 'Reference and Research' category, but the main
category should remain 'Computer and Internet Info.' Recommended URL Filtering Action: Alert
|
|
Content Delivery Networks
|
Sites whose primary focus is delivering content, such as
advertisements, media, files, and image servers, to third
parties.
Recommended URL Filtering Action: Alert
|
|
Copyright Infringement
|
Domains with illegal content, such as content that allows the
illegal download of software or other intellectual property,
which poses a potential liability risk.
Sites that provide peer-to-peer file
exchange services or general streaming media belong to their
own respective categories. Recommended URL Filtering Action: Block
|
|
Cryptocurrency
|
Sites that promote cryptocurrencies, cryptomining (but not
embedded crypto miners) sites, cryptocurrency exchanges and
vendors, and sites that manage cryptocurrency wallets and
ledgers.
Sites referencing cryptocurrency or
malicious sites related to cryptocurrency will be
categorized separately. For example, sites that explain how
cryptocurrencies and blockchain technology work fall under
the 'Computer and Internet Info' category. Recommended URL Filtering Action: Alert
|
|
Dating
|
Sites offering online dating services, advice, or other
personal ads.
Dating sites that offer sexual chat
rooms fall under the 'Adult' category. Recommended URL Filtering Action: Alert
|
|
Dynamic DNS
|
Sites that provide or utilize dynamic DNS services to
associate domain names with dynamic IP addresses.
Dynamic DNS is often used by
attackers for command-and-control communication and other
malicious purposes. Recommended URL Filtering Action: Block
|
|
Educational Institutions
|
Official sites for schools, colleges, universities, school
districts, online classes, and other academic institutions.
Also includes sites for tutoring academies.
This category refers to larger,
established educational institutions, such as elementary
schools, high schools, and universities. Recommended URL Filtering Action: Alert
|
|
Encrypted DNS
|
Sites for DNS resolver service providers, which offer
security and privacy for end users by encrypting DNS
requests and responses using protocols like DNS over HTTPS
(DoH).
Recommended URL Filtering Action: Block
|
|
Entertainment and Arts
|
Sites for movies, television, radio, videos, programming
guides or tools, comics, performing arts, museums, art
galleries, or libraries. Includes sites for entertainment,
celebrity, and industry news.
Recommended URL Filtering Action: Alert
|
|
Extremism
|
Sites promoting terrorism, racism, fascism, or other views
that discriminate against people or groups of different
ethnic backgrounds, religions, and other beliefs. In some
regions, laws and regulations may prohibit allowing access
to extremist sites, and allowing access may pose a liability
risk.
Websites that discuss controversial
political or religious views fall under the 'Philosophy and
Political Advocacy' and 'Religion' categories,
respectively. Recommended URL Filtering Action: Block
|
|
File Converter
|
Sites that allow users to convert, compress, or otherwise
modify files, including documents (such as PDF files),
images, audio, and video.
Recommended URL Filtering Action: Alert
|
|
Financial Services
|
Sites pertaining to personal finances or advice, such as
online banking, loans, mortgages, debt management, credit
card companies, foreign currency exchanges (FOREX), and
insurance companies. Excludes sites related to health
insurance, stock markets, brokerages, or trading
services.
Recommended URL Filtering Action: Alert
|
|
Gambling
|
Sites that facilitate the exchange of real or virtual money
through lotteries or gambling. Includes related sites that
provide information, tutorials, or advice on gambling, such
as how to bet odds and pools.
Corporate websites for hotels and
casinos that don't enable gambling fall under the 'Travel'
category. Recommended URL Filtering Action: Block
|
|
Games
|
Sites that provide online play or downloads of video or
computer games, game reviews, tips, cheats, or related
publications and media. Includes sites that provide
instructions for nonelectronic games, facilitate the sale or
trade of board games, or support or host online sweepstakes
and giveaways.
Recommended URL Filtering Action: Alert
|
|
Government
|
Official websites for local, state, and national governments,
as well as related agencies, services, or laws.
Sites for public libraries and
military institutions fall under the 'Reference and
Research' and 'Military' categories, respectively. Recommended URL Filtering Action: Alert
|
|
Grayware
|
Web content that does not pose a direct security threat but
that displays other intrusive behavior and tempts end users
to grant remote access or perform other unauthorized
actions.
Grayware includes illegal activities, criminal activities,
rogueware, adware, and other unwanted or unsolicited
applications, such as embedded crypto miners, clickjacking,
or hijackers who change browser elements. Typosquatting
domains that do not exhibit maliciousness and are not owned
by the targeted domain will be categorized as
'grayware.'
Recommended URL Filtering Action: Block
|
|
Hacking
|
Sites related to the illegal or questionable access to or use
of communications equipment or software, including the
development and distribution of such programs,
how-to-advice, or tips that may result in the compromise of
networks and systems. Includes sites that facilitate the
bypass of licensing and digital rights systems.
Recommended URL Filtering Action: Block
|
|
Health and Medicine
|
Sites containing information about general health, issues,
and traditional and nontraditional tips, remedies, and
treatments. Includes sites for various medical specialties,
practices, facilities (such as gyms and fitness clubs), and
professionals. Sites related to medical insurance and
cosmetic surgery are also included.
Recommended URL Filtering Action: Alert
|
|
Home and Garden
|
Sites with information, products, and services related to
home repair and maintenance, architecture, design,
construction, decor, and gardening.
Recommended URL Filtering Action: Alert
|
|
Hunting and Fishing
|
Sites that provide hunting and fishing tips or instructions
or facilitate the sale of related equipment and
paraphernalia.
Sites that primarily sell firearms
(even if used for hunting) fall under the 'Weapons'
category. Recommended URL Filtering Action: Alert
|
|
Insufficient Content
|
Sites and services that present test pages, have no content,
provide API access not intended for end-user display, or
require authentication without displaying any other content
suggesting a different categorization.
Recommended URL Filtering Action: Block
|
|
Internet Communications and Telephony
|
Sites that support or provide services for video chatting,
instant messaging, or other telephony capabilities.
Recommended URL Filtering Action: Alert
|
|
Internet Portals
|
Sites that serve as a starting point for users, usually by
aggregating a broad set of content and topics.
Recommended URL Filtering Action: Alert
|
|
Job Search
|
Sites that provide job listings, employer reviews, interview
advice and tips, or related services for both employers and
prospective candidates.
Recommended URL Filtering Action: Alert
|
|
Legal
|
Sites that provide information, analysis, or advice regarding
the law, legal services, legal firms, or other legal-related
issues.
Recommended URL Filtering Action: Alert
|
|
Malware
|
Sites containing or known to host malicious content,
executables, scripts, viruses, trojans, and code.
Recommended URL Filtering Action: Block
|
|
Marijuana
|
Sites that discuss, encourage, promote, offer, sell, supply
or otherwise advocate the use, cultivation, manufacture, or
distribution of marijuana and its myriad aliases, whether
for recreational or medicinal purposes. Includes sites with
content regarding marijuana-related paraphernalia.
Recommended URL Filtering Action: Alert
|
|
Military
|
Sites with information or commentary on military branches,
recruitment, current or past operations, or any related
paraphernalia. Includes sites for military and veteran
associations.
Recommended URL Filtering Action: Alert
|
|
Motor Vehicles
|
Sites with information relating to reviews, sales, trading,
modification, parts, and other related discussions of
automobiles, motorcycles, boats, trucks, and recreational
vehicles (RVs).
Recommended URL Filtering Action: Alert
|
|
Music
|
Sites related to music sales, distribution, or information.
Includes websites for music artists, groups, labels, events,
lyrics, and other information regarding the music business.
Excludes music streaming sites.
Recommended URL Filtering Action: Alert
|
|
Newly Registered Domains
|
Sites that have been registered within the last 32 days.
Newly registered domains are often generated purposely or by
domain generation algorithms and can be used for malicious
activity.
Recommended URL Filtering Action: Block
|
|
News
|
Online publications, newswire services, and other websites
that aggregate current events, weather, or other
contemporary issues. Includes newspapers, radio stations,
magazines, and podcasts.
If the magazine or news website
focuses on a specific topic like sports, travel, fashion, it
gets categorized based on the dominant content on the
site. Recommended URL Filtering Action: Alert
|
|
Not-Resolved
|
This category indicates that the website wasn't found in the
local URL filtering database or cache and the firewall was
unable to connect to the cloud database to check the
category.
For troubleshooting tips, see URLs Classified as
Not-Resolved.
Recommended URL Filtering Action: Block
|
|
Nudity
|
Sites that contain nude or seminude depictions of the human
body, regardless of context or intent, such as artwork.
Includes nudist or naturist sites containing images of
participants.
Recommended URL Filtering Action: Alert
|
|
Online Storage and Backup
|
Sites that provide online storage of files for free or as a
service. Includes photo-sharing sites.
Recommended URL Filtering Action: Alert
|
|
Parked
|
URLs that host limited content or click-through ads, which
may generate revenue for the host entity but generally don't
contain content that is useful to end users. Includes
domains that are for sale.
Parked sites with adult content fall
under the 'Adult' category. Recommended URL Filtering Action: Block
|
|
Peer-to-peer
|
Sites that provide access to or clients for peer-to-peer
sharing of torrents, download programs, media files, or
other software applications. Primarily applicable to those
sites with BitTorrent download capabilities. Excludes
shareware or freeware sites.
Recommended URL Filtering Action: Block
|
|
Personal Sites and Blogs
|
Personal websites and blogs by individuals or groups. If such
sites have a dominant topic associated with another
category, they will be categorized with both categories.
Recommended URL Filtering Action: Alert
|
|
Philosophy and Political Advocacy
|
Sites containing information, viewpoints, or campaigns
regarding philosophical or political views.
Recommended URL Filtering Action: Alert
|
|
Phishing
|
Web content that covertly attempts to harvest information,
such as login credentials, credit card information, account
numbers, PINs, and other personally identifiable information
(PII), voluntarily or involuntarily, from victims using
social engineering techniques. Includes technical support
scams and scareware.
Recommended URL Filtering Action: Block
|
|
Private IP Addresses
|
This category includes IP addresses defined in RFC 1918, 'Address
Allocation for Private Intranets.' It also includes domains
not registered with the public DNS system (*.local and
*.onion).
Private IP addresses (and hosts) are
unique to the host environment and are invisible to PAN-DB.
Palo Alto Networks does not assign a risk rating to private
IP addresses, and the default action is Allow. Recommended URL Filtering Action: Block
|
|
Proxy Avoidance and Anonymizers
|
Proxy servers and other methods that bypass URL filtering or
monitoring.
VPNs with corporate-level usage fall
under the 'Internet Communication and Telephony'
category. Recommended URL Filtering Action: Block
|
|
Questionable
|
Sites containing tasteless humor or offensive content
targeting specific demographics of individuals or groups of
people.
Recommended URL Filtering Action: Block
|
|
Ransomware
|
Websites known to host ransomware or malicious traffic
involved in conducting ransomware campaigns that generally
threaten to publish private data or keep access to specific
data or systems blocked, usually by encrypting it, until the
demanded ransom is paid. This also covers URLs that deliver
related stealers, wipers, and loaders that may carry
ransomware payloads.
Recommended URL Filtering Action: Block
|
|
Real Estate
|
Sites that provide information on property rentals, sales,
and related tips or information. Includes sites for real
estate agents and firms, rental services, listings (and
aggregates), property improvement, and property management
groups or individuals.
Sites for mortgage and loan
servicers fall under the 'Financial Services'
category. Recommended URL Filtering Action: Alert
|
|
Real-time Detection (Advanced URL Filtering
only)
|
URLs that have been analyzed and detected by real-time inline
analysis as part of Advanced URL Filtering.
Recommended URL Filtering Action: Alert
|
|
Recreation and Hobbies
|
Sites that consist of information, forums, associations,
groups, or publications related to recreational activities
and hobbies.
Sites that sell products related to
recreational activities or hobbies, such as REI.com, fall
under the 'Shopping' category. Recommended URL Filtering Action: Alert
|
|
Reference and Research
|
Sites that provide personal, professional, or academic
reference portals, materials, or services. Includes sites
for online dictionaries, maps, almanacs, census information,
libraries, genealogy, and scientific information.
Recommended URL Filtering Action: Alert
|
|
Religion
|
Sites with information regarding various religions, related
activities, or events. Includes sites for religious
organizations, officials, fortune-telling, and places of
worship.
Sites for private primary or
secondary schools affiliated with a religious
organization, such as Catholic schools, with a
curriculum that teaches general religious education and
secular subjects fall under the 'Educational
Institutions' category. Recommended URL Filtering Action: Alert
|
| Remote Access |
Sites that provide tools or information to facilitate
authorized remote access to private computers and attached
networks.
Recommended URL Filtering Action: Alert
|
| Scanning Activity (Advanced URL Filtering only) |
Adversaries can use infected hosts to scan the network to
actively gather information about existing vulnerabilities
to launch targeted attacks. Additionally, malicious
campaigns can use such probing activity for launching and
executing network-based attacks. The presence of such
network scanning or probing activity serves as an indicator
of compromise.
Recommended URL Filtering Action: Block
|
|
Search Engines
|
Sites that provide a search interface using keywords,
phrases, or other parameters that may return information,
websites, images, or other files as results.
Recommended URL Filtering Action: Alert
|
|
Sex Education
|
Sites that provide information on reproduction, sexual
development, safe sex practices, sexually transmitted
diseases, birth control, tips for better sex, and any
related products or paraphernalia. Includes sites for
related groups, forums, or organizations.
Recommended URL Filtering Action: Alert
|
|
Shareware and Freeware
|
Sites that provide access to software, screensavers, icons,
wallpapers, utilities, ringtones, themes, or widgets for
free or donations. Includes open-source projects.
Recommended URL Filtering Action: Alert
|
|
Shopping
|
Sites that facilitate the purchase of goods and services.
Includes online merchants, sites for department stores,
retail stores, catalogs, and price aggregation or monitoring
tools. Sites in this category should be online merchants
that sell a variety of items (or whose main purpose is
online sales).
A website for a cosmetics company
that happens to allow online purchasing falls under the
Cosmetics category. Recommended URL Filtering Action: Alert
|
|
Social Networking
|
User communities or sites where users interact with each
other, post messages, pictures, and otherwise communicate
with groups of people.
Personal sites, blogs, or forums fall under the Personal
Sites and Blogs category. Recommended URL Filtering Action: Alert
|
|
Society
|
Sites with content related to the general population or
issues that impact a large variety of people, such as
fashion, beauty, philanthropic groups, societies, or
children. Includes restaurant websites.
Corporate websites related to
food, such as Burger King, fall under the 'Business and
Economy' category. Recommended URL Filtering Action: Alert
|
|
Sports
|
Sites with information about sporting events, athletes,
coaches, officials, teams or organizations, scores,
schedules, related news, or sports paraphernalia. Includes
websites for fantasy sports and virtual sports leagues.
Sites with the main purpose of
selling sports goods fall under the 'Shopping'
category. Recommended URL Filtering Action: Alert
|
|
Stock Advice and Tools
|
Sites with information about the stock market, trading of
stocks or options, portfolio management, investment
strategies, quotes, or related news.
Recommended URL Filtering Action: Alert
|
|
Streaming Media
|
Sites that stream audio or video content for free or
purchase, including online radio stations, streaming music
services, and the archiving of podcasts.
Recommended URL Filtering Action: Alert
|
|
Swimsuits and Intimate Apparel
|
Sites that include information or images concerning
swimsuits, intimate apparel, or other suggestive
clothing.
Recommended URL Filtering Action: Alert
|
|
Training and Tools
|
Sites that provide online education, training, and related
materials. Includes driving or traffic schools, workplace
training, games, applications, tools with educational
purposes, and tutoring academies.
Specific skills classes are
categorized based on their subject. For example, websites
for music classes fall under the 'Music' category. Recommended URL Filtering Action: Alert
|
|
Translation
|
Sites that provide translation services, including both user
input and URL translations. These sites can also allow users
to circumvent filtering as the target page's content is
presented within the context of the translator's URL.
Recommended URL Filtering Action: Alert
|
|
Travel
|
Sites that provide information about travel, such as tips,
deals, pricing, destinations, tourism, and related services
like hotels, local attractions, casinos (if the site does
not allow online gambling), airlines, cruise lines, travel
agencies, and vehicle rentals. Includes websites for the
following:
Recommended URL Filtering Action: Alert
|
|
Unknown
|
Sites that have not yet been identified by Palo Alto
Networks.
If availability of this
site is critical to your business and you must allow the
traffic, alert on unknown sites, apply the best practice
Security profiles to the traffic, and investigate the
alerts. PAN-DB Real-Time Updates learn unknown sites after a
first attempt to access these sites, so unknown URLs are
identified quickly and become known URLs that the
firewall can then handle based on the actual URL
category. Recommended URL Filtering Action: Block
|
|
Weapons
|
Sites that handle sales or offer reviews, descriptions of, or
instructions regarding weapons, armor, bulletproof vests,
and their use.
Sites related to clay
shooting, shooting ranges, and archery receive the primary
category of Weapons and a secondary category of
Sports. Recommended URL Filtering Action: Block
|
|
Web Advertisements
|
Sites with advertisements, media, content, and banners.
Includes pages for subscribing and unsubscribing from
newsletters or ads.
Recommended URL Filtering Action: Alert
|
|
Web-based Email
|
Any website that provides access to an email inbox and the
ability to send and receive emails. Emphasis is given to
websites that offer free or paid public access to such
services.
Recommended URL Filtering Action: Alert
|
|
Web Hosting
|
Sites that offer free or paid hosting services for webpages.
Includes sites with information about web development,
publication, promotion, and other methods of increasing
traffic.
Recommended URL Filtering Action: Alert
|
Known and Potential Threat Categories
Known Threat and Potential Threat refer to classes of URL
categories that are known to cause harm or highly likely to cause harm. Sites in
these categories may be associated with cyberthreats, vulnerabilities, or specific
attack tactics and procedures (TTPs). They could also have poor security measures,
lack a historical footprint (like a newly registered domain), or present other
characteristics that increase exploitation risk (such as extremist content). Whether
malicious by design or compromised by bad actors, known or potential threats pose
significant security risks and should be strictly controlled in most
environments.
The following sections describe these two types of threats further.
Known Threats
The Known Threat category covers sites that have been previously
identified as malicious. These sites exhibit clear patterns of exploitation
through their content, behaviors, and other properties. Most categories in this
group correspond to a specific cybersecurity threat. Due to their inherent risk,
these categories don’t receive a risk rating and are automatically blocked
in default URL Filtering profiles.
We strongly recommend blocking the following categories in custom URL Filtering
profiles:
- grayware
- malware
- compromised-website
- phishing
- command-and-control
- ransomware
- scanning activity
Potential Threats
The Potential Threat category covers sites that may not be inherently
malicious but pose an elevated security risk due to their content, features, or
proximity to known threats. Newly Registered Domains, for
example, are vulnerable to exploitation by bad actors. Bad actors frequently
register new domains to launch web-based attacks. Unknown
sites are also potential threats because they require further analysis for
proper classification.
While not indisputably dangerous, we strongly recommend blocking the following
categories:
- dynamic-dns
- hacking (but make exceptions for internal PEN testers)
- insufficient-content
- newly-registered-domain
- not-resolved
- parked
- proxy-avoidance-and-anonymizersIf proxy avoidance is allowed, URL filtering and other Palo Alto Networks services won’t have visibility into this encrypted traffic and can't block access to malicious URLs, downloads, or other content.
- unknown
Legal Liability Categories
The Legal Liability category covers sites with content or features subject to
laws and regulations (business, local, national, or otherwise). Unlike the Known
Threat and Potential Threat categories, the risk posed by legal
liability categories varies based on your specific environment, industry, and risk
tolerance.
To minimize legal liability and ensure compliance with applicable policy and
regulations, we recommend restricting access to these categories. You can apply the
block or alert action. If business
needs require allowing certain categories, consider alerting on these categories to
log and gain insight into the traffic. You can adjust site access (or actions in
Security policy rules) at any time.
The following table lists the URL categories that pose legal liability risk and the
recommended URL filtering action for each category.
| URL Category | Recommended Action |
|---|---|
| Abused Drugs | block |
| Adult | block |
| Artificial Intelligence | alert |
| AI Code Assistant | block |
| AI Conversational Assistant | block |
| AI Data and Workflow Optimizer | block |
| AI Meeting Assistant | block |
| AI Media Service | alert |
| AI Platform Service | block |
| AI Website Generator | alert |
| AI Writing Assistant | block |
| Alcohol and Tobacco | alert |
| Copyright Infringement | block |
| Cryptocurrency | alert |
| Extremism | block |
| Gambling | block |
| Marijuana | alert |
| Peer-to-peer | block |
| Questionable | block |
| Weapons | block |
Security-Focused URL Categories
PAN-DB automatically evaluates and assigns a risk category
(high-risk,
medium-risk, or
low-risk) to URLs that have not previously been
classified as malicious or observed displaying characteristics associated with known
threats, or that no longer classify as malicious because they have displayed
only benign activity for at least 30 days.
To determine risk, PAN-DB analyzes URL properties, current and historical content and
behavior, and association with known malicious sites.
PAN-DB doesn't assign risk ratings to URLs in Known Threat categories or private IP addresses (and
hosts). Private IP addresses are unique to the host environment and are
invisible to PAN-DB.
Security-focused URL categories facilitate targeted policy enforcement and decryption
based on risk levels. You can prevent users from accessing high- and medium-risk
websites and newly registered domains, or decrypt traffic to these categories if you
allow them. As site content and behavior change, risk categories adapt
automatically. Using risk categories with URL filtering ensures dynamic access
control and policy enforcement.
You can’t submit a change request for risk categories due to the dynamic nature
of the categories.
The following table summarizes each risk category and provides a recommended URL
filtering action.
| Risk Category | Description |
|---|---|
| High Risk |
Recommended URL Filtering Action: Alert
|
| Medium Risk |
Recommended URL Filtering Action: Alert
|
| Low Risk |
Sites that are not medium or high risk. These sites have
displayed benign activity for a minimum of 90 days.
Recommended URL Filtering Action: Alert
|