Risk-based URL Filtering Overview

Risk-based URL filtering allows admins to inspect host URLs (i.e., to determine threats associated with URLs and block or allow access accordingly). Admins can configure URL filtering within Internet Threat Protection (ITP) settings in CSE.

URL Exceptions

URL Exceptions are specific URLs that you want to designate as non-threats that do not require inspection.

Pre-requisites

• mac or Windows device (not available for Linux or Chromebook)
• SIA advanced license
• ITP policy associated with your device
• Desktop app version v3.26.0 or later

Steps to Configure Risk-based URL Filtering

Step 1: Navigate to URL Filtering in an ITP Policy

1.1 Navigate from Internet Access > Internet Threat Protection, and select an existing ITP policy.

1.2 Under the Filtering and Exceptions tab, navigate to URL Filtering.

Step 2: Enable Risk-based URL Filtering

2.1 Toggle on Risk-based URL Filtering.

Only those URLs which are not already explicitly blocked by Category, Domain, and Application Filtering or enabled Threat Protections will be inspected.

Step 3: Optionally, add URL Exceptions and/or Explicit URL Blocking

3.1 Optional: Toggle on URL Exceptions.

3.2 Enter the URL(s) you want to bypass URL Filtering (i.e., these URLs will not be inspected).

URL Exceptions will not override enabled Category, Domain, and Application Filtering configurations or Threat Protections. If a URL is blocked at the domain level, for example, excepting a URL based in that domain will not exempt that URL from being inspected or blocked.

3.3 Optional: Toggle on Explicit URL Blocking.

3.4 Enter the URL(s) you want to explicitly block. These URLs will not be accessible to end users.

Explicitly blocked URLs do not override Category, Domain, and Application Filtering configurations or Threat Protections. Explicit URL blocks are processed after domain-level rules.