Configuring Advanced URL Policy Settings


Configuring Advanced URL Policy Settings

Enable to use policy to allow or block transactions with URLs in the Newly Registered Domain URL category.

Enable this option if you want the service to analyze the content of uncategorized websites to check if they belong to one of these URL categories: Adult Material, Drugs, Gambling or Violence. If the service determines the site belongs in one of those categories, it will categorize those sites and apply the policy accordingly.

If you enable Dynamic Content Categorization (DCC), the behavior of your policies is dependent on the response code. Even if you have a policy set to block the Miscellaneous category if the server responds with a response code implying a redirect (3xx) Zscaler allows the transaction and follows the redirect. If the response code implies a server error (5xx) the transaction will also be logged as allowed. Any other code will be blocked if your policy is set to block the Miscellaneous category.

Enable this option to allow the service to enforce the URL Filtering policy for sites that are translated using translation service websites. For example, when this feature is enabled, if you have a policy that blocks www.gambling.com, and a user translates the page to another language using Google Translate, the service will block the translated page.

Enable this if you want the service to return only safe content from searches on Google, Yahoo, Bing, Ask, Live, Yandex, YouTube, blip.tov, Dailymotion, Flickr, AOL Video, and Friendster. SSL inspection must be enabled for this option.

Controls access to Google consumer apps. Type in corporate domains from which your users can access Gmail and other Google apps and click Add Items. To learn more, see Controlling Access to Google Consumer Apps

Enabling this option allows Zscaler to enable local breakout for Office 365 traffic automatically without any manual configuration needed by customers. Enabling this option will turn off SSL Interception for all Office 365 destinations as per Microsoft's recommendation. If you want to continue using existing granular controls for Office 365, disable this option and enable pre-existing configuration. To learn more, see How do I configure Office 365 support?

This enables SSL interception for the login.microsoftonline.com, login.microsoft.com, and login.windows.net domains. Ensure the appropriate intercepting root CA is installed on client PCs before enabling. To learn more, see Support for Microsoft Tenant Restrictions.

Enter "Restrict-Access-To-Tenants" domains. Up to 30 domains can be added. 

Specify the Directory-ID associated with the "Restrict-Access-Context" header for Office 365. You can find your Directory-ID in the Azure Portal.

 While VoIP may be encouraged for its telephone cost savings, it may also be discouraged because of the high bandwidth utilization associated with it. The Zscaler service can block access to Skype, a popular P2P VoIP application.

Screenshot of Advanced Policy Settings page showing buttons used to manage Zscaler advanced URL filtering options