URL Filtering Profile Actions

The URL Filtering profile specifies web access and credential submission permissions for each URL category. By default, site access for all URL categories is set to allow when you Create a new URL Filtering profile. This means that the users will be able to browse to all sites freely and the traffic will not be logged. You can customize the URL Filtering profile with custom
Site Access
settings for each category, or use the predefined default URL filtering profile on the firewall to allow access to all URL categories except the following threat-prone categories, which it blocks: abused-drugs, adult, gambling, hacking, malware, phishing, questionable, and weapons.
For each URL category, select the
User Credential Submissions
to allow or disallow users from submitting valid corporate credentials to a URL in that category in order to Prevent Credential Phishing. Managing the sites to which users can submit credentials requires User-ID and you must first Set Up Credential Phishing Prevention. URL categories with the
Site Access
set to block are automatically set to also block user credential submissions.
Learn more about configuring a best practice URL Filtering profile to ensure protection against URLs that have been observed hosting malware or exploitive content.
Action
Description
Site Access
alert
The website is allowed and a log entry is generated in the URL filtering log.
allow
The website is allowed and no log entry is generated.
block
The website is blocked and the user will see a response page and will not be able to continue to the website. A log entry is generated in the URL filtering log.
Blocking site access for a URL category also sets User Credential Submissions for that URL category to block.
continue
The user will be prompted with a response page indicating that the site has been blocked due to company policy, but the user is prompted with the option to continue to the website. The
continue
action is typically used for categories that are considered benign and is used to improve the user experience by giving them the option to continue if they feel the site is incorrectly categorized. The response page message can be customized to contain details specific to your company. A log entry is generated in the URL filtering log.
The Continue page doesn’t display properly on client systems configured to use a proxy server.
override
The user will see a response page indicating that a password is required to allow access to websites in the given category. With this option, the security admin or helpdesk person would provide a password granting temporary access to all websites in the given category. A log entry is generated in the URL filtering log. See Allow Password Access to Certain Sites.
The Override page doesn’t display properly on client systems configured to use a proxy server.
none
The
none
action only applies to custom URL categories. Select
none
to ensure that if multiple URL profiles exist, the custom category will not have any impact on other profiles. For example, if you have two URL profiles and the custom URL category is set to
block
in one profile, if you do not want the block action to apply to the other profile, you must set the action to
none
.
Also, in order to delete a custom URL category, it must be set to
none
in any profile where it is used.
User Credential Permissions
These settings require you to first Set Up Credential Phishing Prevention.
alert
Allow users to submit corporate credentials to sites in this URL category, but generate a URL Filtering alert log each time this occurs.
allow (default)
Allow users to submit corporate credentials to websites in this URL category.
block
Block users from submitting corporate credentials to websites in this category. A default anti-phishing response page is displayed to users when they access sites to which corporate credential submissions are blocked. You can choose to create a custom block page to display.
continue
Display a response page to users that prompts them to select Continue to access to access the site. By default, the Anti Phishing Continue Page is shown to user when they access sites to which credential submissions are discouraged. You can also choose to create a custom response page to display—for example, if you want to warn users against phishing attempts or reusing their credentials on other websites.

Related Documentation