URL Filtering Categories
to control access to websites based on URL categories.
Attach a URL Filtering profile to all Security policy rules that allow access to web-based applications to protect against URLs that have been observed to host malware or exploitive content.
In addition to the predefined categories, both custom URL categories and external dynamic lists of type URL are displayed under
Category. By default, the
User Credential Submissionpermissions for all categories are set to
Blockall known dangerous URL categories, including command-and-control, copyright-infringement, dynamic-dns, extremism, malware, phishing, proxy-avoidance-and-anonymizers, unknown, and parked to protect against exploit infiltration, malware download, command-and-control activity, and data exfiltration.
To phase in a block policy, set categories to
continueand create a custom response page to educate users about your use policy and alert them that they are visiting a site that may pose a threat. After a suitable period of time, transition to a policy that blocks the potentially malicious sites.
For each URL category, select the action to take when a user attempts to access a URL in that category (
The Continue pages will not be displayed properly on client machines that are configured to use a proxy server.
The Override pages will not be displayed properly on client machines that are configured to use a proxy server.
User Credential Submission
For each URL category, select the
User Credential Submissionsto allow or disallow users from submitting valid corporate credentials to a URL in that category. Before you can control user credential submissions based on URL category, you must enable credential submission detection (select the
User Credential Detectiontab).
URL categories with the
Site Accessset to block are automatically set to also block user credential submissions.
Check URL Category
Click to access the PAN-DB URL Filtering database, where you can enter a URL or IP address to view categorization information.
Dynamic URL Filtering
Configurable for BrightCloud only)
Select to enable cloud lookup for categorizing the URL. This option is invoked if the local database is unable to categorize the URL.
If the URL is unresolved after a 5 second timeout window, the response is displayed as
With PAN-DB, this option is enabled by default and is not configurable.