What is URL Filtering?
URL filtering in Zscaler is a way of “blocking” certain URLs from loading on a company network. If an employee would attempt to visit this URL, either by entering it manually or clicking a link in a search engine, they will be redirected to a page notifying them that this content is blocked.
If you have a URL Filtering policy rule that prohibits www.youtube.com but a Cloud App Control policy rule that permits accessing Youtube.
Then user will still be able to access Youtube. This is because if a Cloud App Control policy rule permits the transaction, the service does not automatically apply the URL Filtering policy.
Policy Execution method in Zscaler.
The requirements for the URL filtering rules are separated by a number of logical operators. The outcomes of the following logical operations between the criteria cause the rules to be activated.
URL Categories (
AND) Request Methods (
AND) [Users (
OR) Groups (
OR) Departments] (
AND) [Locations (
OR) Location Groups] (
AND) Time (
AND) Protocols (
AND) User Agent (
AND) [Devices (
OR) Device Groups].
Adding a URL Filtering Rule in Zscaler
- Go to Policy > URL & Cloud App Control.
- Click Add URL Filtering Rule. You can also copy an existing rule by clicking the Duplicate icon.
The Add URL Filtering Rule window appears.
- In the Add URL Filtering Rule window, enter the URL Filtering Rule attributes:
- Rule Order: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule’s place in the order.
- Admin Rank:Put a number between 0 and 7. (0 is the highest rank). The settings you can choose depend on the admin rank you have been allocated. You are unable to choose a rank higher than your own. The value you can choose in Rule Order is determined by the rule’s Admin Rank, thus a rule with a higher Admin Rank always comes before a rule with a lower Admin Rank.
- Rule Name: Enter a unique name for the rule or use the default name.
- Rule Status: If a rule is activated, it is actively applied. A rule that is deactivated remains in the rule order despite not being actively enforced. Bypassing it, the service goes on to the following\lower rule.
- Rule Label: Select a rule label to associate it with the rule.
4. Define the Criteria. You can either choose from the list or add an item.
- Action: Displays whether the policy rule is disabled or whether it’s set to Allow, Caution, Block, or Isolate.
URL Categories: Choose as many URL super-categories and/or categories as you like. Additionally, you may perform a category search or add a new custom category by clicking the Add icon.
Users: Select up to 4 User.
Groups: Select up to 8 groups.
Departments: Select up to 8 departments.
Locations: Select up to 8 locations.
Location Groups: Select up to 32 location groups
About URL Categories
For granular filtering and policy creation, Zscaler groups URLs into a hierarchy of categories. Six basic classes are present, each of which is further subdivided into predefined super-categories and categories.
The following six preset classes: