Complete rules of the Default rule set for URL filtering

When working with the complete rules of the Defaultrule set for URL filtering, all rules and rule elements of this rule set can be viewed and configured.

Nested default rule set – Default
Criteria – User-Defined.alreadyFiltered = false
Cycles – Requests (and IM)

The rule set contains the following rules.

Allow URLs that match in URL WhiteList
URL matches in list URLWhiteList –> Stop Rule Set
The rule uses the URL property to check whether a given URL is on the specified whitelist. If it is, processing of the rule set stops and the blocking rules that follow the whitelisting rule are not processed.
You can use this rule to exempt URLs from filtering to make sure they are available to the users of your network and do not get blocked by any of the following blocking rules. Whitelisting also increases performance because it avoids the effort of retrieving information about the respective URLs.
Block URLs that match in URL BlockList
URL matches in list URL BlockList –> Block<URLBlocked> — Statistics.Counter.Increment (“BlockedByURLFilter”,1)<Default>
The rules uses the URL property to check whether a given URL is on the specified blocking list. If it is, processing of all rules stops and the request for access to the URL is not passed on to the appropriate web server. Access to it is blocked this way.
The action settings specify a message to the requesting user.
The rule also uses an event to count blocking due to virus and malware infections. The event parameters specify the counter that is incremented and the size of the increment. The event settings specify the settings of the Statistics module, which executes the counting.
Enable SafeSearchEnforcer
Always –> Continue — Enable SafeSearchEnforcer<Default>
The rule enables the SafeSearchEnforcer, which is an additional module for filtering access to web sites with adult content.
The enabling is done by executing an event. The settings of the module are specified with the event.
Processing continues with the next rule.
Allow uncategorized URLs
List.OfCategory.IsEmpty(URL.Categories<Default>) equals true –> Stop Rule Set
The rule uses the List.OfCategory.IsEmpty property, which has the URL.Categories property as a parameter, to check whether the list of categories for categorizing a URL is empty. This would mean that the URL is uncategorized, as it could not be assigned to any of the existing categories. Specifying the URL.Categories property as a parameter ensures that it is a particular list of categories that is checked. It is the list that is the value of this property.
To provide a list of categories as the value for the URL.Categories property, the URL Filter module is called, which retrieves this list from the Global Threat Intelligence system. The module runs with the specified Default settings.
If a URL is uncategorized, processing of the rule set stops and the blocking rules that follow this rule are not processed. The request for the URL is forwarded to the appropriate web server and, unless access to the URL is blocked in the response or embedded object cycle, the user is allowed to access the web object that was requested by submitting the URL.
Block URLs whose category is in URL Category BlockList
URL.Categories<Default> at least one in list Category BlockList –> Block<URLBlocked> — Statistics.Counter.Increment (“BlockedByURLFilter”,1)<Default>
The rule uses the URL.Categories property to check whether one of the categories a given URL belongs to is on the specified blocking list. The URL Filter module, which is called to retrieve information on these categories, runs with the Default settings, as specified with the property.
If one of the URL’s categories is on the list, processing of all rules stops and the request for access to the URL is not passed on to the appropriate web server. Access to it is blocked this way.
The URLBlocked action settings specify that the user who requested this access is notified of the blocking.
The rule also uses an event to count blocking due to URL filtering in the same way as the blocking rule for individual URLs in this rule set.
Block URLs with bad reputation
URL.IsHighRisk<Default> equals true –> Block<URLBlocked> — Statistics.Counter.Increment (“BlockedByURLFilter”,1)<default>
The rules uses the URL.IsHighRisk property to find out whether a URL has a reputation that lets access to it appear as a high risk. If the value for this property is true, processing of all rules stops and the request for access to the URL is not passed on to the appropriate web server. Access to it is blocked this way.
The reputation score is retrieved by the URL Filter module, which runs with the settings specified after the property.
The URLBlocked action settings specify that the user who requested this access is notified of the blocking.
The rule also uses an event to count blocking due to URL filtering in the same way as the blocking rule for individual URLs in this rule set.