Configuring the URL filter policy

The URL filter policy makes it possible to set the rules that allow or block access to specified URLs. The URL filter policy must be enabled in the application inspection of a filter policy rule before it can be applied - this will be seen in our example.

IMPORTANT
The URL filtering module is different from the SSL filtering module. To filter and decrypt HTTPS connections, a specific and advanced configuration must be set up. For more information, refer to the technical note Filtering HTTPS connections.

Configuring URLs

In our example, we want to block access to URLs ending in .exe. Start by creating a custom URL category containing the URL format to block.

  1. Go to Configuration > Objects > URL (Web objects in version 3), URL tab.
  2. Click on Add a customized category.
  3. On the new line, give the category a name (EXE in our example).
  4. Press Enter or click on the grid on the left to confirm.
  5. The new category will appear highlighted. If it does not, select it.
  6. In the grid on the right, click on Add a URL.
  7. On the new line, define the URL that you want to block. In our example, we entered *.exe, meaning that all URLs ending in .exe will be blocked.
  8. Press Enter or click on the grid on the right to confirm.

Configuring the URL filter policy

  1. Go to Configuration > Security policy > URL filtering.
  2. In the drop-down menu, observe the policy that is being edited. Keep its name. If necessary, rename it by clicking on Edit > Rename or choose another one.
  3. Click on Add.
  4. Modify the fields to create the rule that block access to URLs ending in .exe:
    • Action field: select an action that makes it possible to block access. To inform a user when a page is blocked, you can customize the page in Configuration > Notifications > Block messages, HTTP Block page tab.
    • URL category field: select the category in question (EXE in our example).
  5. You can fill in your URL filter policy by blocking access to dynamic URL categories such as "shopping" or "pornography”. Every category contains several URLs that can be blocked or allowed, depending on the desired reaction.
  6. Place the block rules before the pass all rule by using the Up and Down buttons.
  7. Click on Apply, then save the configuration.