Skip to main content
McAfee Enterprise MVISION Cloud

URL Filtering Process

The URL filtering process includes several elements, which contribute to it in different ways.

  • Filtering rules — Control the process. There are usually the following types of rules.
    • Blocking rules — Block access to web objects with particular URLs.

      The rules apply if a URL has been entered in a list that is used by these rules or falls into a category that is on a list.

      When categories are used in a rule, the URL filter module is called to handle the retrieval of category

      information from the Global Threat Intelligence (GTI) service.
       
    • Whitelisting rules — Exclude web objects from further URL filtering to ensure they can be accessed by the users in your network.

      Whitelisting rules are placed before the blocking rules in an URL filtering rule set. If a whitelisting rule applies, processing of the following URL filtering rules is stopped to ensure that the blocking rule is not executed.
       
  • Whitelists and blocking lists — These lists are used by whitelisting and blocking rule that exist in the URL filtering process.

    Because a URL filtering rule set is only used for URL filtering, multiple whitelists for several types of objects are not needed in the filtering process, in contrast to, for example, anti-malware filtering.
     
  • URL Filter module — This module, which is also known as an engine, retrieves information on URL categories and reputation scores from the Global Threat Intelligence™ service that is provided by Skyhigh Security. Based on this information, blocking rules block access to URLs.

    Various technologies, such as link crawlers, security forensics, honeypot networks, sophisticated auto-rating tools, and customer logs are used to gather this information. An international, multi-lingual team of Skyhigh Security web analysts evaluates the information and enters URLs under particular categories into a database.

    To gather information on the reputation of a URL, its behavior on a worldwide real-time basis is analyzed, for example, where a URL shows up in the web, its domain behavior, and other details.

    You can configure settings for this module, for example, to perform a DNS lookup for URLs and include the corresponding IP address in the search for category information.
  • Was this article helpful?