Use case: Blocking a URL in a forbidden category

URL filtering on Web Gateway protects your network by preventing users from accessing websites that you don't want to allow. The filtering is based on individual URLs and URL categories.

URL filtering is performed, for example, when a user who works inside your network tries to access an online shopping website.

Your web security policy might not allow online shopping or allow it only to a limited extent, for example, during the lunch break. Access to the online shopping website is blocked in line with this, and the user who requested the access is notified.

Note: Online shopping is not among the URL categories that are blocked by default on Web Gateway. But as an administrator, you can add this category to the relevant block list.

Scenario

  1. A user clicks a link on a webpage of an online shopping site from inside your network. The user is working with a web browser that is configured to run as a client of Web Gateway.
  2. The request is redirected to Web Gateway.

    Request for web access is redirected to Web Gateway


    1 – Your network 2 – Web Gateway 3 – Web
  3. The request is processed in the request cycle on Web Gateway to see if any of the web security rules that are enabled in this cycle apply.

    1. Processing finds the following rule enabled. It is a rule in a default rule set for URL filtering.

      URL.Categories<Default> at least one in list Category Block List for Default Group –> Block<URL Blocked> — Statistics.Counter.Increment (“BlockedByURLFilter”,1)<Default>

      In plain text, this rule says that a request must not be forwarded from your network to the web if the URL within this request is in a category that is on a particular block list.

    2. The rule applies if its criteria matches. To find out if this is so, these substeps are performed:

      • To provide a value for the URL.Categories property, the URL Filter module tries to find the category that the URL falls into. For this purpose, the module retrieves information from the Global Threat Intelligence service.

      • When the URL category has been found, processing continues with checking the block list used by the rule to see if it includes the category.
      • The result is that the URL sent with the request is in the Online Shopping category, which is on the Category Block List for Default Group.

    3. Because the criteria matches, the rule action, which is Block, is executed.

      • Rule processing is stopped for all other rules on Web Gateway.

        A rule already blocks the access, so there is no need to try out any other rules and see if they also block it.

      • The user's request for access to the online shopping site is not forwarded to the web server of that site.
      • A block message is sent to the user's browser instead.

        Web Gateway sends block message to browser


        1 – Your network 2 – Web Gateway 3 – Web

        The message notifies the user that the request was blocked because the URL sent with it was that of an online shopping site, which falls in a forbidden category

        The text and layout of the message can be edited by configuring the BlockedByURLFilter settings, which are shown after the action name in the rule.

      • The Statistics.Counter.Increment event increases the counter for blocking caused by URL filtering.
  4. The block message appears in the user's browser.

    The following is an example of a block message in English language.

    Block message: URL in forbidden category