URL (Uniform Resource Locator) Filter Profile¶
A URL Filtering Profile evaluates the URL of an HTTP request and applies an action to either allow or deny the traffic. In order to evaluate the URL, the traffic must be processed by a Forward Proxy rule. The set of URLs in the Profile can be specified as strings representing the full path or as strings representing a Perl Compatible Regular Expression (PCRE). If only domain filtering is required, it is best to use an FQDN Filtering Profile. An FQDN Filtering Profile can also be used in conjunction with URL Filtering, where the domain is evaluated using the FQDN Filtering Profile and the URL is evaluated using the URL Filtering Profile.
The URL Filtering Profile can use a set of pre-defined Categories. To view more information on Categories, please see FQDN / URL Filtering Categories.
Tech Notes
The URL Filtering is organized as a table containing user-specified rows (URLs and Categories) along with two default rows (Uncategorized and ANY). Categories and URLs can be combined within each row if desired.
The limits for each URL Filtering Profile are as follows:
- Maximum user-specified rows: 254 (Standalone or Group of Standalones)
- Maximum Categories and URLs per row: 60
- Maximum URL character length: 2048
When specifying a multi-level domain (e.g., www.example.com
), it's important to escape the .
character (e.g., www\.example\.com
) otherwise it will be treated as a wildcard for any single character
Uncategorized¶
- The penultimate row in a URL Filtering Profile, which is represented as Uncategorized
- Specifies the Policy action to take for URLs that do not match the user-specified URLS or do not have a Category
- If a Standalone Profile is used in a Group Profile and the Group Profile is applied to a Policy Ruleset Rule, the Uncategorized row will be taken from the Group Profile. The Uncategorized row of a Standalone Profile is only applicable if the Standalone Profile is directly applied to a Policy Ruleset Rule.
Default (ANY)¶
- The final row in a URL Filtering Profile, which is represented as ANY
- Specifies the Policy action to take for URLs that do not match the user-specified URLs or Categories, or are not Uncategorized
- If a Standalone Profile is used in a Group Profile and the Group Profile is applied to a Policy Ruleset Rule, the ANY row will be taken from the Group Profile. The ANY row of a Standalone Profile is only applicable if the Standalone Profile is directly applied to a Policy Ruleset Rule.
Create the Profile¶
User-Defined¶
- Navigate to Manage -> Profiles -> URL Filtering
- Click Create
- Provide a Profile Name and Description
- Click Add to create a new row
- Specify individual URLs (e.g., https://www.twitter.com/politics, https://www.google.com/.+?/admin)
- Each URL is specified as a PCRE (Perl Compatible Regular Expression)
- Each URL must be specified as a full path
- Consider escaping the
.
character else it will be treated as a single character wildcard
- Specify Categories (e.g., Gambling, Sports, Social Networking)
- Specify the HTTP methods to which the policy is applied
- Specify Delete, Get, Head, Options, Patch, Post, or Put for a subset of methods
- Specify All for all methods
- Specify the Policy action for the user-specified URLs/Categories, Uncategorized and ANY rows
- Allow Log - Allow the requests and log an event
- Allow No Log - Allow the requests and do not log an event
- Deny Log - Deny the requests and log an event
- Deny No Log - Deny the requests and do not log an event
- Specify the Return Status Code
- Specify an integer value greater than or equal to 100 and less than 600
- The value represents the HTTP status that will be returned to the client making the request
- A common return code is 503
- Click Save when completed
Associate the Profile¶
Check this document to create/edit Policy Rules