URL Filter Settings
The URL Filter settings are used for configuring the URL Filter module, which handles activities related to URL filtering on a Web Gateway appliance.
Instances of the URL Filter settings include the following:
- Default settings — Settings used when working with the default rule set for URL filtering. This rule set is named Default and is nested within the URL Filtering rule set.
- Special URL Filtering Group settings — Settings used when working with the nested Special URL Filtering Group rule set
Extended List
Settings for extended lists.
Option | Definition |
---|---|
Use the extended list | Provides a list for selecting an extended list. |
Add | Opens the Add List window for adding an extended list. |
Edit | Opens the Edit List (Extended List) window for editing the selected extended list. |
Ratings Settings
Settings for retrieving rating information on URLs based on categories and reputation scores.
Option | Definition |
---|---|
Search the CGI parameters for rating | When selected, CGI parameters are included in the search for information. CGI (Common Gateway Interface) parameters in a URL trigger scripts or programs when the URL is accessed. Information on CGIs is considered when categorizing a URL. Eg URL: |
Search for and rate embedded URLs | When selected, embedded URLs are included in the search for information and rated. Information on an embedded URL is considered when categorizing the embedding URL. NOTE: Searching for embedded URLs can impact performance. |
Do a forward DNS lookup to rate URLs | When selected, a DNS lookup is performed for a URL for which no relevant information has been found. The IP address that was looked up is used for another search. |
Do a backward DNS lookup for unrated IP-based URLs | When selected, a backward DNS lookup, based on its IP address, is performed for a URL for which no relevant information has been found. The host name that was looked up is used for another search. |
Use the built-in keyword list | When selected, the built-in keyword list is included in the search for search sites to map search terms to categories. Example: http://www.google.com/search?q=porn is assigned the URL category "Search Engines, Pornography". |
Disable local GTI database | When selected, no information about web reputation and categories is retrieved from the local Global Threat Intelligence database. |
Use online GTI web reputation and categorization services if local rating yields no result | When selected, information on URL categories and reputation scores is only retrieved from the Global Threat Intelligence service if the search in the internal database yielded no results. |
Use default server for online GTI web reputation and categorization services | When selected, the appliance connects to the default server for retrieving information on URL categories and reputation scores from the Global Threat Intelligence system. |
Enable the Dynamic Content Classifier if GTI web categorization yields no result | When selected, the Dynamic Content Classifier is involved in the URL filtering process if a search performed by the Global Threat Intelligence service yielded no results. |
Advanced Settings
Advanced settings for the URL Filter module.
Option | Definition |
---|---|
Treat connection problems to the cloud as errors | When selected, problems arising on the connection from the appliance to the Global Threat Intelligence server are logged as errors. Properties for error handling are set and eventually rules from an Error Handler rule set are executed. |
Do a backward DNS lookup also for private addresses | When selected, private IP addresses are included in the backward DNS lookup. Excluding these addresses from the lookup leads to an increase in performance for URL filtering. This option is disabled by default. The lookup includes the following types of addresses: |
Proxy Settings
Option | Definition |
---|---|
Use upstream proxy | When selected, the appliance uses a proxy for connecting to the Global Threat Intelligence server on which lookups for URL category information, also known as “in-the-cloud” lookups, can be performed. |
IP or name of the proxy | Specifies the IP address or host name of the proxy. |
Port of the proxy | Specifies the number of the port on the proxy that listens for lookup requests from the appliance. |
User name | Specifies a user name for the appliance when logging on to the proxy. |
Password | Sets a password for an appliance. |
Set | Opens a window for setting a password. |
Connect to GTI cloud via host name also when a proxy is configured | When selected, Web Gateway connects to a cloud service for performing GTI lookups using the host name of the server where the cloud service resides, regardless of whether a proxy is also configured. |
Try to bypass the proxy if unreachable | When selected, Web Gateway tries to bypass a proxy that has been set up if this proxy cannot be reached. |
Trust server certificate | When selected, a certificate sent under HTTPS by a cloud service for performing GTI lookups is trusted on Web Gateway. |
Provide client certificate | When selected, Web Gateway provides a certificate when connecting as a client under HTTPS to a cloud service for performing GTI lookups. |
Logging
Option | Definition |
---|---|
Enable logging | When selected, URL filtering activities are logged on the appliance. If this option is not selected, the following logging options are grayed out. |
Log level | Provides a list for selecting the log level. Log levels are as follows: |
(Log area) | Provides a set of options for including different areas of URL filtering activities into the logging. |
Cloud Settings
Option | Definition |
---|---|
Connection count (maximum) | Limits the number of connections that can be active at the same time. Maximum number of connections by default: 4 |
Request timeout | Limits the time between retries of requests on a connection. Maximum time by default: 2000 ms |
Request attempts | Limits the number of retries. Maximum number of retries: 3 |
Troubleshooting
Settings for troubleshooting issues with URL filtering.
Option | Definition |
---|---|
Automatic air-gap mode | An automatic air-gap mode can be enabled for connections from a Web Gateway appliance to a Global Threat Intelligence (GTI) server when issues impacting response time arise. Enabling this mode prevents increased response times on GTI server connections from creating overload issues elsewhere, for example, on the anti-malware or the proxy working queue. Traffic resulting from queries sent to and received from the GTI server is reduced in air-gap mode to the minimum that is required to monitor response times in order to recognize a return to normal. When a return to normal is recognized, the automatic air-gap mode is disabled. What is considered a normal response time here can be configured. While the automatic air-gap mode is enabled, information about URL categories and reputation scores can still be retrieved from the local database on Web Gateway. Monitoring functions can be enabled with or without the automatic air-gap mode. The following can be selected for the automatic air-gap mode: |
Maximum average delay threshold | Sets a threshold value that marks the acceptable maximum average response time (in ms) on connections to a GTI server. Default: 250 ms |
Retention time enable air gap | Sets the time interval (in seconds) over which the average response time on GTI server connections must exceed the configured threshold before a warning message is logged and the automatic air-gap mode is enabled if available and activated. Default: 10 seconds |
Retention time disable air gap | Sets the time interval (in seconds) over which the average response time on GTI server connections must fall below the configured threshold before a back-to-normal message is logged and the automatic air-gap mode is disabled if previously enabled. Default: 120 seconds |
Probing rate if enabled | Sets the minimal percentage of user web access requests for which queries are still sent to a GTI server while the automatic air-gap mode is enabled. Keeping a minimal amount of traffic on the connections to the GTI server is required to monitor this traffic in order to recognize when response times return to normal, so the automatic air-gap mode can be disabled. Default: 1 % |
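The four troubleshooting values above interact as a hysteresis loop, which the following added example models with the documented defaults. It is not Web Gateway code: the class and function names are hypothetical, and it assumes one averaged response-time sample per second, that only an unbroken run of samples counts toward a retention time, and that probing picks every hundredth request deterministically.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class AirGapMonitor:
    """Simplified model of the automatic air-gap settings (assumed semantics)."""
    threshold_ms: float = 250.0   # Maximum average delay threshold
    enable_after_s: int = 10      # Retention time enable air gap
    disable_after_s: int = 120    # Retention time disable air gap
    probing_rate: float = 0.01    # Probing rate if enabled (1 %)
    air_gap: bool = False
    streak_s: int = 0             # consecutive seconds arguing for a state change
    requests: int = 0             # requests seen while air-gapped

    def observe(self, avg_delay_ms: float) -> Optional[str]:
        """Feed one per-second average GTI response time; return a log event or None."""
        slow = avg_delay_ms > self.threshold_ms
        # Only an unbroken run counts: a single contrary sample resets the streak.
        self.streak_s = self.streak_s + 1 if slow != self.air_gap else 0
        needed = self.disable_after_s if self.air_gap else self.enable_after_s
        if self.streak_s < needed:
            return None
        self.air_gap, self.streak_s = not self.air_gap, 0
        return "warning: air-gap enabled" if self.air_gap else "back to normal: air-gap disabled"

    def query_cloud(self) -> bool:
        """Decide whether one user request still triggers an online GTI query."""
        if not self.air_gap:
            return True
        self.requests += 1
        # Deterministic probing (assumption): every 1/probing_rate-th request is sent.
        return self.requests % round(1 / self.probing_rate) == 0

def simulate(delays_ms):
    """Replay per-second averages; return [(second, event), ...]."""
    mon, events = AirGapMonitor(), []
    for second, delay in enumerate(delays_ms, start=1):
        event = mon.observe(delay)
        if event:
            events.append((second, event))
    return events

# Constructed trace: 5 s spike (too short), 3 s normal, 10 s slow, 120 s normal.
TRACE = [400] * 5 + [100] * 3 + [900] * 10 + [100] * 120

if __name__ == "__main__":
    for second, event in simulate(TRACE):
        print(f"t={second:>3}s  {event}")
```

With the defaults, the mode switches on quickly (10 s) and off slowly (120 s), so a GTI connection that hovers around the threshold does not flap between states.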
UI Dashboard extension for GTI monitoring
Steps to be followed:
- Download the file: dashboard-gti.zip
- Copy the Dashboard GTI XML file to the handshake directory:
  cp dashboard-gti.xml /opt/mwg/share/handshake
- Go to the handshake directory:
  cd /opt/mwg/share/handshake
- Change the permissions:
  chmod 644 dashboard-gti.xml
- Restart the UI service:
  service mwg-ui restart