URL Filtering Process Order

cancel
Showing results for 
Search instead for 
Did you mean: 

URL Filtering Process Order

L0 Member

we've run some tests on both at client side and in our office lab.

the process for handling url fitlering will start with BLOCK list --> ALLOW list --> URL Category

the logic of it is quite understandable, however, the problem lies with BrightCloud DB. Is it good enough to filter out all the web sites if we were going to "block" all web surfings. If not, using wildcard at BLOCK list will be the best idea, but will this also create problems from those applications that requires "web-browsing" to be allow??

1 ACCEPTED SOLUTION

Accepted Solutions

L5 Sessionator

Best practice would be to filter based on Bright Cloud  categories overall and then use the Block/allow filters for exceptions to those categories - not to handle the brunt of blocking for your web traffic.   You can add web-browsing to the application allow list for those applications that are dependant on web-browsing.

View solution in original post

4 REPLIES 4

L5 Sessionator

Best practice would be to filter based on Bright Cloud  categories overall and then use the Block/allow filters for exceptions to those categories - not to handle the brunt of blocking for your web traffic.   You can add web-browsing to the application allow list for those applications that are dependant on web-browsing.

another extend to this question would be also be related to if user did not purchase URL filtering license. How is it possible to block the web-surfings? ex. MS-UPDATES needs to have web-browsing enabled, but users are not allowed to surf any web sites...and without having the URL filtering enabled, how can it be controlled?

There wouldn't be a way to block web-browsing for all users and allow an application based on web-browsing for those same users.   You'd have to filter based on users who are completely denied web-browsing and those who are allowed web-browsing and ms-updates.

This is another example of why DNS names should be allowed directly in security policy Smiley Happy

Very simplified/compact example:

1) outbound 10.0.0.0 web-browsing update.microsoft.com allow

2) outbound 10.0.0.0 web-browsing deny logforwardprofile email alert (IPS)

3) inbound vendor.com(dynamic IP) ssh 10.0.0.0 allow

URL Filter = Rule 1 and 2 would be combined allow/deny and logforward is all traffic, not just 'monitored'. Rule 3 is not possible.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!