Skip to content

URL Filtering

URL Filtering profile provides Valtix customers with the ability to specify filtering rules to allow or deny HTTP request access to specific URLs when the Valtix Gateways are deployed in the Forward Proxy (Egress) mode. The URLs can be specified as strings representing the full path or as strings representing a regular expression (REGEX), representing full paths to match several URLs at the same time.

Creating a URL Filtering Profile

To create an Application Threat Web Protection profile:

  1. Navigate to Manage -> Profiles -> URL Filtering
  2. Click Create
  3. Provide a Name and Description for the profile.
  4. Click Add to enter new URLs in the table
  5. Enter individual URLs e.g. https://www.twitter.com/politics, or https://www.google.com/.+?/admin
  6. Select Categories e.g. Gambling, Sports, Social etc.
  7. A PCRE (Perl Compatible Regular Expression) style regular expression is allowed.
  8. Select the HTTP methods to which the policy is applied. Select All to apply policy for all the HTTP method
  9. Define the policy action for the row
  10. Click the drop-down list to view the actions. These actions are also available for Policy Rules.

    • Allow Log - Allow the requests to the URL with logging a Valtix event for each access
    • Allow No Log - Allow the requests to the URL but do not log a Valtix event
    • Deny Log - Deny the requests to the URL and log a Valtix event
    • Deny No Log - Deny the requests to the URL and do not log a Valtix Event
  11. Select Return Status Code, an integer value greater than or equal to 100 and less than 600 that represents the HTTP status that will be returned to the client making the request. The default is 502.

  12. Select the default policy for URL filtering. Just like an L4 firewall, the default is to deny all the traffic, choosing to allow only a given set of categories or custom URLs. You can change the default behavior to allow all the URLs.
  13. Click Save when completed

Default Action

  1. The last row in the URL profile has ANY as the URLs, and is the default action for the URLs that do not match the specified list.
  2. Change the policy for this row to set the default action for all the URLs not matching the earlier rows.
  3. Attaching a URL profile to a rule starts dropping the URls unless explicitly allowed.

Associate Profile with a Policy Rule

Check this document to create/edit Policy Rules