Configuring URL Conditions

Protect your network by controlling access to sites based on URL category and reputation.

Procedure

Step 1

In the rule editor, click the following for URL conditions:

  • Access control or QoS—Click URLs.
  • SSL—Click Category.
Step 2

Find and choose the URL categories that you want to control:

In an access control or QoS rule, click Category.

For effective protection from malicious sites, you must block URLs in all Threat categories in addition to blocking URLs with poor or questionable reputation. For a list of Threat categories, see URL Category and Reputation Descriptions.

Be sure to click the arrows at the bottom of the list to see all available categories.

Step 3

(Optional) Constrain URL categories by choosing a Reputation.

Note that if you explicitly match Uncategorized URLs, you cannot further constrain by reputation. Choosing a reputation level also includes other reputations either more or less severe than the level you choose, depending on the rule action:

  • Includes less severe reputations—If the rule allows or trusts web traffic. For example, if you configure an access control rule to allow Favorable (level 4), it also automatically allows Trusted (level 5) sites.

  • Includes more severe reputations—If the rule rate limits, decrypts, blocks, or monitors web traffic. For example, if you configure an access control rule to block Questionable sites (level 2), it also blocks Untrusted (level 1) sites.

If you change the rule action, the system automatically changes the reputation levels in URL conditions.

Optionally, select Apply to unknown reputation.

Step 4

Click Add to Rule, or drag and drop.

Step 5

(Optional) To choose predefined URL objects, or URL lists and feeds in an access control or QoS rule, click URL, select the objects, and add them to the destination.

These objects implement manual URL filtering rather than category-based filtering.

Step 6

Save or continue editing the rule.

Example: URL Condition in an Access Control Rule

The following graphic shows the URL condition for an access control rule that blocks all malware sites, all untrusted sites, and all social networking sites with a reputation level of Neutral or worse.

Screenshot of a sample URL condition

The following table summarizes how you build the condition.

Blocked URL

Category

Reputation

Malware sites, regardless of reputation

Malware Sites

Any

Any untrusted URL (level 1)

Any

1 - Untrusted

Social networking sites with a reputation level of Neutral or worse (levels 1 through 3)

Social Network

3 - Neutral