Configuring URL Conditions

Protect your network by controlling access to sites based on URL category and reputation.

Before you begin

Attention

As a prerequisite, ensure that you create at least a Monitor rule at the top of your access control policy, containing Category or Reputation parameters. This is essential to see ANY category or reputation data for ANY URLs that hit the particular access control policy.

If there is no rule in the access control policy with the category or reputation parameters configured, the Connection Events page in the management center shows no data for Category or Reputation for any URL traffic that hits the access control policy.

Procedure

Step 1	In the rule editor, click the following for URL conditions: Access control or QoS—Click URLs. SSL—Click Category.
Step 2	Find and choose the URL categories that you want to control: In an access control or QoS rule, click Category. For effective protection from malicious sites, you must block URLs in all Threat categories. Additionally, Talos recommends that you block only sites with Poor category. You can block questionable reputations if you have an aggressive security posture, but this may result in a higher amount of false positives. For a list of Threat categories, see URL Category and Reputation Descriptions. Be sure to click the arrows at the bottom of the list to see all available categories.
Step 3	(Optional) Constrain URL categories by choosing a Reputation. Note that if you explicitly match Uncategorized URLs, you cannot further constrain by reputation. Choosing a reputation level also includes other reputations either more or less severe than the level you choose, depending on the rule action: Includes less severe reputations—If the rule allows or trusts web traffic. For example, if you configure an access control rule to allow Favorable (level 4), it also automatically allows Trusted (level 5) sites. Includes more severe reputations—If the rule rate limits, decrypts, blocks, or monitors web traffic. For example, if you configure an access control rule to block Questionable sites (level 2), it also blocks Untrusted (level 1) sites. If you change the rule action, the system automatically changes the reputation levels in URL conditions. Optionally, select Apply to unknown reputation.
Step 4	Click Add URL or Add to Rule, or drag and drop.
Step 5	(Optional) To choose predefined URL objects, or URL lists and feeds in an access control or QoS rule, click URL, select the objects, and add them to the destination. These objects implement manual URL filtering rather than category-based filtering.
Step 6	Save or continue editing the rule.

Example: URL Condition in an Access Control Rule

The following graphic shows the URL condition for an access control rule that blocks all malware sites, all untrusted sites, and all social networking sites with a reputation level of Neutral or worse.

The following table summarizes how you build the condition.


Blocked URL	Category	Reputation
Malware sites, regardless of reputation	Malware Sites	Any
Any untrusted URL (level 1)	Any	1 - Untrusted
Social networking sites with a reputation level of Neutral or worse (levels 1 through 3)	Social Network	3 - Neutral