Create a Suspicious URL List
The Suspicious URL List is a group of URLs which are potentially a known threat. You can configure how the Gateway applies these, using a number of rules.
You can add a Suspicious URL List to a URLs and Hyperlinks clause in the What To Look For? section of Content rules.
Suspicious URL List Rules
You can select any combination of Rules to apply to a Suspicious URL List:
- URLs containing an IP address instead of a hostname: for example,
http://192.168.1/default.html -
URLs containing encoded characters in the hostname: the hostname part of a URL containing percent encoded characters. For example,
http://www.%63%6c%65%61%72%73%77%69%66%74.com - URLs containing authentication details: for example,
ftp://username:password@address - URLs purporting to be secure that are not: URLs that attempt to deceive users into thinking it is using the secure HTTPS protocol when it is actually using the unsecure HTTP protocol. For example,
http://https-securewebsite.org - URLs to non-standard port numbers: a port number which is not expected for the given protocol of the URL. For example,
http://www.companyname.com:443which has an HTTP URL attempting to connect on port 443 (which is usually used for HTTPS) rather than the expected port 80. - URLs to local files: any URL prefixed with
file://... - URLs that contain (and possibly redirect to) other URLs: URLs that appear to contain another URL. Such URLs might be using a redirection service to hide the true destination from users. For example,
http://saferedirectservice.com/?target=http%3a%2f%2fwww.malicioussite.net
Create a Suspicious URL List
-
Navigate to Policy > Policy References > URL Lists. The Manage URL Lists page is displayed.
-
In the URL Lists panel, click
New. The Choose URL List Type dialog is displayed. - Select Suspicious URL List and click Create.
-
Use the Overview section to add a Name and optional Notes for the Suspicious URL List.
Add a new URL to a URL List
You cannot add a URL to a Suspicious URL List. This list is managed dynamically by the Gateway. However, you can adapt the rules to configure how the list of Suspicious URLs is applied to your security policy.
Adapt the Rules of a Suspicious URL List
You can select rules which determine how the Suspicious URL List is applied. In the Rules section, select the rules you want to apply or select All rules to apply them all by default.
Click Save.
|
If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information. If you use Peer Gateways (i.e. when multiple Gateways are peered), any configuration changes from a local Gateway can then be applied to all the peers at the same time. See Peer Gateways for more information. |