URL filtering enables companies to block individual web pages and files to restrict what content their employees can access over company networks.
URL filtering restricts what web content users can access. It does this by blocking specific URLs from loading. Corporations implement URL filtering to prevent unapproved use of company resources, devices, network bandwidth, etc. URL filtering also helps mitigate malware and phishing attacks by blocking malicious web pages. Secure web gateways often include a URL filtering feature.
What is a URL?
A URL, or Uniform Resource Locator, is the text string that appears in a browser’s address bar. URLs indicate where a user is on the Internet, like a residential address or GPS location.
URLs are more specific than domain names. A URL can refer to exact webpages or files hosted at a domain, not just the domain itself. For instance, the main ZPEnterprises website domain name is zpenterprises.co, but a specific page on that website would have a URL like: https://zpenterprises.co/?s=website
How does URL filtering work?
URL filtering blocks URLs from loading or only allows specific URLs to load on a company network. Users are redirected to a “blocked” page if they attempt to reach a blocked URL.
URL filtering bases its filtering policies on a database that classifies URLs by topic and by “blocked” or “allowed” status. Typically a company will not develop this database internally, relying instead on the vendor providing the filtering service. However, most vendors enable companies to customize which URLs are blocked or allowed.
URL filtering can block individual URLs or categories of URLs. By blocking individual URLs, companies can block specific web pages that are known to be dangerous or inappropriate. Meanwhile, blocking URL categories allows companies to more efficiently restrict the type of content accessed over their networks by blocking large groups of URLs at once instead of having to list hundreds of individual URLs.
Typically, the URL filtering vendor will create the categories and fill them out with groups of URLs related to the same topic or considered objectionable for similar reasons. For instance, all known URLs used for phishing attacks could be tracked in one “phishing” category, and a company could block all these web pages by using that category. Categorization can be an automatic process: some URL filtering services can use machine learning to identify websites that fit a particular category.
URL filtering occurs at the Internet application layer (see What is the OSI model?). The web protocols most frequently used at this layer are HTTP, FTP, and SMTP. The URL filter examines requests that use these protocols, and if they are directed at a blocked URL, it filters out the request and redirects the device that the request originated from to a block page.
Is URL filtering the same thing as web filtering?
URL filtering is a type of web filtering. “Web filtering” refers to several techniques for controlling the content that users within a network can access over the Internet. DNS filtering is another standard technology for restricting web content.
What are the differences between URL filtering and DNS filtering?
DNS filtering and URL filtering perform similar functions. The main difference is that URL filtering blocks URLs, while DNS filtering blocks DNS queries. Another way to put it is that URL filtering blocks web pages, while DNS filtering blocks domains.
DNS filtering allows blocking a website and all its webpages, no matter their URLs, by blocking the domain name. However, URL filtering provides more granular and detailed filtering by allowing companies to block individual web pages instead of the whole website at once.
Because URL filtering is more granular than DNS filtering, it may also require more maintenance and customization. Additionally, it needs to be implemented separately for each application protocol. By contrast, DNS filtering is protocol-agnostic: once turned on, it applies to all types of web traffic.
How do these differences look in practice? Suppose internal employees at a company regularly visited a specific news website that published breaking news about their company’s industry. However, the news website also published articles about professional sports, and employees were wasting time and company resources by reading this sports section. DNS filtering would block the news website altogether so that employees could no longer access the site at all, even the news pieces they needed for work purposes; URL filtering would be able to block the sports pages only.
Another use case for URL filtering: Suppose an otherwise harmless website had one webpage among hundreds that had been compromised by an attacker and delivered a malware payload. DNS filtering would block the domain altogether; URL filtering makes it possible to block just that page. (Of course, often it is safest to block the domain entirely, as DNS filtering does.)
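The two scenarios above, worked through in code. This is an added example, not code from any filtering vendor: the hosts news.example and shop.example, the category database, and the function names are all constructed for illustration. It also canonicalizes each URL before matching, a step the text does not describe but which a path-based filter needs so that equivalent spellings of a URL receive the same decision.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed category database: (host, path prefix) -> category.
# A filtering vendor would normally supply this; all entries are made up.
CATEGORY_DB = {
    ("news.example", "/"): "news",
    ("news.example", "/sports"): "sports",
    ("shop.example", "/promo/landing.html"): "malware",  # one bad page
}
BLOCKED_CATEGORIES = {"sports", "malware", "phishing"}  # company policy
DNS_BLOCKED_DOMAINS = {"news.example"}                  # domain-level policy

def normalize(url):
    """Return (host, path) in canonical form so equivalent URLs match."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")           # hostname is lowercased
    path = posixpath.normpath(unquote(parts.path) or "/")  # decode %xx, fold ../
    return host, "/" + path.lstrip("/")

def categorize(url):
    """Longest matching path prefix on the same host decides the category."""
    host, path = normalize(url)
    best_prefix, best_cat = "", "uncategorized"
    for (db_host, prefix), cat in CATEGORY_DB.items():
        on_prefix = path == prefix or path.startswith(prefix.rstrip("/") + "/")
        if db_host == host and on_prefix and len(prefix) > len(best_prefix):
            best_prefix, best_cat = prefix, cat
    return best_cat

def url_filter(url):
    """Page-level decision: block only URLs whose category is blocked."""
    return "block" if categorize(url) in BLOCKED_CATEGORIES else "allow"

def dns_filter(url):
    """Domain-level decision: the path is never consulted."""
    host, _ = normalize(url)
    hit = any(host == d or host.endswith("." + d) for d in DNS_BLOCKED_DOMAINS)
    return "block" if hit else "allow"

if __name__ == "__main__":
    for u in ("https://news.example/industry/merger.html",
              "https://news.example/sports/scores.html",
              "https://news.example/industry/../%73ports/scores.html",
              "https://shop.example/promo/landing.html",
              "https://shop.example/catalog/"):
        print(f"{u:58} url={url_filter(u):5} dns={dns_filter(u)}")
```

The URL filter allows the industry article and blocks only the sports pages and the single compromised page, while the DNS filter blocks every news.example URL and lets all of shop.example through, including the bad page.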
How does URL filtering help block malware and phishing attacks?
Several types of cyber attacks require users to load one or more web pages to be successful. Some cyber attackers aim to trick users into loading a malicious webpage that initiates a malware download. If these malicious webpages are identified as dangerous, URL filtering can block them, preventing this attack.
Other cyber attackers attempt to steal user accounts via phishing attacks, tricking users into giving away their login credentials or active sessions. Many phishing attacks ask users to load fake websites that appear legitimate, where the users are then prompted to enter their credentials, thus giving them to the attacker. Known phishing websites can be filtered by URL filtering, thwarting these attacks.