Responding to a URL request
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
When a user requests a site, Filtering Service is responsible for determining whether to block or permit the request.
 
Important 
If a request triggers Content Gateway analysis, Filtering Service uses the category returned as a result of the analysis to determine whether to block or permit the request.
Filtering Service determines which action to take as follows. At each step, the order of enforcement based on the user making the request is re-confirmed.
1. Checks the active protocol filter and determines whether any non-HTTP protocols are associated with the request.
2. Attempts to match the site to an entry in the Recategorized URLs list for use later in the policy enforcement process. (See Reclassifying specific URLs for details on recategorized URLs.)
3.
* If there is a block exception, block the site.
* If there is a permit exception, permit the site.
  Note that if the URL is permitted by exception, but classified as a security risk, the default action is to block it via security override. Administrators can disable the security override, but this is not recommended.
4.
* Policies that have been added in the CASB portal determine whether the request is permitted or blocked. No further policy enforcement action is taken by Filtering Service. A log record is created and the action "Protected cloud app forwarded" is applied to the request.
* If a cloud app is explicitly permitted or blocked and is not a managed cloud app, additional lookup against the URL category is done to confirm the URL is not considered a security risk.
  Note that if a URL is classified as a security risk, the default action is to block it via security override. Administrators can disable the security override, but this is not recommended.
* If Block all high risk apps is enabled and the cloud app is considered high risk, the request is blocked unless the cloud app is explicitly permitted.
  If a cloud app is considered high risk, additional lookup against the URL category is done to determine if it is considered a security risk.
* If the cloud app filter does not list the cloud app as specifically blocked or permitted, and Block all high risk apps is not enabled, continue to the next step.
5. Determines which category filter or limited access filter the policy enforces for the current day and time.
* If the active category filter is Permit All, permit the site.
* If the active category filter is Block All, block the site.
* If the filter is a limited access filter, check whether the filter contains the URL or IP address. If so, permit the site. If not, block the site.
  Note that if the URL is permitted by the limited access filter, but classified as a security risk, the default action is to block it via security override. Administrators can disable the security override, but this is not recommended.
 
6.
* With Forcepoint Web Security, sites not categorized by the Master Database are analyzed by Content Gateway. If this returns a new category for the site, Filtering Service applies an action based on the new category (rather than continuing to classify the site as Uncategorized).
7.
* If the action is Block, block the site.
8. Checks for Bandwidth Optimizer settings in the active category filter (see Using Bandwidth Optimizer to manage bandwidth).
9. Checks for file type restrictions applied to the active category (see Managing traffic based on file type).
10. Checks for blocked keywords in the URL and CGI path, if keyword blocking is enabled (see Keyword-based policy enforcement).
11.
* Permit: Permit the site.
* Limit by Quota: Display the block message with an option to view the site using quota time or go back to the previous page.
* Confirm: Display the block message with the option to view the site for work purposes.
Filtering Service proceeds until the requested site is either blocked or explicitly permitted. At that point, no further investigation is attempted. For example, if a requested site belongs to a blocked category and contains a blocked keyword, Filtering Service blocks the site at the category level without checking the keyword. Log Server then logs the request as blocked because of a blocked category, not because of a keyword.
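The first-match behavior described above, and the reason that ends up in the log, can be seen in a simplified model. This is an added example written for this page, not Forcepoint code: it covers only exceptions, the filter type, the category action and keywords, and the `Policy` fields, host names and category names are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:  # hypothetical structure; every value used below is constructed
    block_exceptions: set = field(default_factory=set)
    permit_exceptions: set = field(default_factory=set)
    filter_mode: str = "category"  # "permit_all" | "block_all" | "limited" | "category"
    limited_access: set = field(default_factory=set)
    category_actions: dict = field(default_factory=dict)
    blocked_keywords: tuple = ()
    security_categories: set = field(default_factory=set)
    security_override: bool = True  # the default described on the page

def decide(p, host, url, category):
    """Return (action, logged_reason); the first step that decides ends evaluation."""
    risky = p.security_override and category in p.security_categories

    def permit(reason):
        # A permit by exception or limited access filter is still blocked
        # when the category is a security risk and the override is enabled.
        return ("block", "security override") if risky else ("permit", reason)

    if host in p.block_exceptions:                    # step 3
        return ("block", "block exception")
    if host in p.permit_exceptions:
        return permit("permit exception")
    if p.filter_mode == "permit_all":                 # step 5
        return ("permit", "Permit All filter")
    if p.filter_mode == "block_all":
        return ("block", "Block All filter")
    if p.filter_mode == "limited":
        if host in p.limited_access:
            return permit("limited access filter")
        return ("block", "limited access filter")
    if p.category_actions.get(category) == "Block":   # step 7
        return ("block", "category")                  # keyword step is never reached
    for kw in p.blocked_keywords:                     # step 10
        if kw in url.lower():
            return ("block", "keyword")
    return ("permit", "category")                     # step 11, Permit action

SAMPLE = Policy(  # constructed sample policy
    permit_exceptions={"intranet.example"},
    category_actions={"Gambling": "Block", "News": "Permit"},
    blocked_keywords=("casino",),
    security_categories={"Malicious Web Sites"},
)
```

Calling `decide(SAMPLE, "bets.example", "http://bets.example/casino", "Gambling")` returns a category block even though the URL also contains a blocked keyword, which is why a search of the logs for keyword blocks will not show that request.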
 
Copyright 2018 Forcepoint. All rights reserved.