Responding to a URL request

Technical Library | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Web Protection Policies > Enforcement order > Responding to a URL request

Responding to a URL request

Administrator Help | TRITON AP-WEB and Web Filter & Security | Version 8.2.x

When a user requests a site, Filtering Service is responsible for determining whether to block or permit the request.


	Important With the Web Hybrid module, requests from users outside the network are managed by the hybrid service, which has its own rules for determining whether to block or permit a request.

If a request triggers Content Gateway analysis, Filtering Service uses the category returned as a result of the analysis to determine whether to block or permit the request.

Filtering Service determines which action to take as follows:

1.

Check to see whether the site is listed in an exception.

If there is a block exception, block the site.

If there is a permit exception, permit the site.

Note that if the URL is permitted by exception, but classified as a security risk, the default action is to block it via security override. Administrators can disable the security override, but this is not recommended.

If there is no exception for the site, continue to Step 2.

2.

Determines which category filter or limited access filter the policy enforces for the current day and time.

If the active category filter is Permit All, permit the site.

If the active category filter is Block All, block the site.

If the filter is a limited access filter, check whether the filter contains the URL or IP address. If so, permit the site. If not, block the site.

Note that if the URL is permitted by the limited access filter, but classified as a security risk, the default action is to block it via security override. Administrators can disable the security override, but this is not recommended.

If any other category filter applies, continue to Step 3.


	Note Filtering Service handles URLs accessed from search engine's cache like any other URL. They are blocked or permitted according to the applicable policies. Log records for cached URLs show the entire cached URL, including any search engine parameters.

3.

Checks the active protocol filter and determines whether any non-HTTP protocols are associated with the request.

If so, apply the appropriate action, as defined in the protocol filter.

If not, continue to Step 4.

4.

Tries to match the site to an entry in the Recategorized URLs list.

If a match is made, identify the category for the site and go to Step 6.

If a match is not made, continue to Step 5.

5.

Tries to match the site to an entry in the Master Database.

If the URL appears in the Master Database, identify the category for the site and continue to Step 6.

If a match is not made, categorize the site as Miscellaneous/Uncategorized and continue to Step 6.

With TRITON AP-WEB, sites not categorized by the Master Database are analyzed by Content Gateway. If this returns a new category for the site, Filtering Service applies an action based on the new category (rather than continuing to classify the site as Uncategorized).

6.

Checks the active category filter and identifies the action applied to the category containing the requested site.

If the action is Block, block the site.

If any other action is applied, continue to Step 7.

7.

Checks for Bandwidth Optimizer settings in the active category filter (see Using Bandwidth Optimizer to manage bandwidth).

If current bandwidth usage exceeds any configured limits, block the site.

If current bandwidth usage does not exceed the specified limits, or no bandwidth-based action applies, proceed to Step 8.

8.

Checks for file type restrictions applied to the active category (see Managing traffic based on file type).

If the site contains files whose extensions are blocked, block access to those files. If the site itself is comprised of a blocked file type, block access to the site.

If the site does not contain files whose extensions are blocked, go to Step 9.

9.

Checks for blocked keywords in the URL and CGI path, if keyword blocking is enabled (see Keyword-based policy enforcement).

If a blocked keyword is found, block the site.

If a blocked keyword is not found, continue to Step 10.

10.

Handles the site according to the action applied to the category.

Permit: Permit the site.

Limit by Quota: Display the block message with an option to view the site using quota time or go back to the previous page.

Confirm: Display the block message with the option to view the site for work purposes.

Filtering Service proceeds until the requested site is either blocked or explicitly permitted. At that point, no further investigation is attempted. For example, if a requested site belongs to a blocked category and contains a blocked keyword, Filtering Service blocks the site at the category level without checking the keyword. Log Server then logs the request as blocked because of a blocked category, not because of a keyword.


	Note Users with password override privileges can access websites regardless of why the site was blocked.

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Web Protection Policies > Enforcement order > Responding to a URL request

Copyright 2016 Forcepoint LLC. All rights reserved.