Configure URL Filtering

After you Determine URL Filtering Policy Requirements, you should have a basic understanding of what types of websites and website categories your users are accessing. With this information, you are now ready to create custom URL filtering profiles and attach them to the security policy rule(s) that allow web access.
  1. Create a URL Filtering profile or select an existing one.
    Because the default URL filtering profile blocks risky and threat-prone content, it is a best practice to clone this profile to preserve these default settings, rather than creating a new profile.
    1. Select
      Objects
      Security Profiles
      URL Filtering
      .
      Select the default profile and then click
      Clone
      . The new profile will be named default-1.
    2. Select the new profile and rename it.
  2. Define how to control access to web content.
    In the
    Categories
    tab, for each category that you want visibility into or control over, select a value from the
    Action
    column as follows:
    • If you do not care about traffic to a particular category (that is you neither want to block it nor log it), select
      allow
      .
    • For visibility into traffic to sites in a category, select
      alert
      .
    • To deny access to traffic that matches the category and to enable logging of the blocked traffic, select
      block
      .
    • To require users to click Continue to proceed to a questionable site, select
      continue
      .
    • To only allow access if users provide a configured password, select override. For more details on this setting, see Configure URL Admin Override.
  3. Define websites that should always be blocked or allowed.
    For example, to reduce URL filtering logs, you may want add you corporate websites in the allow list, so no logs will be generated for those sites. Or, if there is a website this is being overly used and is not work related in any way, you can add it to the block list.
    Items in the block list will always be blocked regardless of the action for the associated category, and URLs in the allow list will always be allowed.
    For more information on the proper format and wildcards usage, see URL Category Exception Lists.
    1. In the URL filtering profile, enter URLs or IP addresses in the
      Block List
      and select an action:
      • block
        —Block the URL.
      • continue
        —Prompt users click
        Continue
        to proceed to the web page.
      • override
        —The user will be a prompted for a password to continue to the website.
      • alert
        —Allow the user to access the website and add an alert log entry in the URL log.
    2. For the
      Allow
      list, enter IP addresses or URLs that should always be allowed. Each row must be separated by a new line.
  4. Modify the setting to log Container Pages only.
    The
    Log container page only
    option is enabled by default so that only the main page that matches the category is logged, not subsequent pages/categories that may be loaded within the container page. To enable logging for all pages/categories, clear the
    Log container page only
    check box.
  5. Enable HTTP Header Logging for one or more of the supported HTTP header fields.
    To log an HTTP header field, select one or more of the following fields to log:
    • User-Agent
    • Referer
    • X-Forwarded-For
  6. Save the URL filtering profile.
    1. Click
      OK
      .
    2. Click
      Commit
      .
      To test the URL filtering configuration, simply access a website in a category that is set to block or continue to see if the appropriate action is performed.

Recommended For You