You can add a new URL Filtering rule from scratch or copy an existing rule and change its settings. See also the recommended URL Filtering policy.
By default, the Cloud App Control policy takes precedence over the URL filtering policy. The service will apply the Cloud App Control policy to a web transaction before applying the URL Filtering policy. To change this setting and have the service apply the URL Filtering policy before the Cloud App Control policy, go to Advanced Settings and disable Allow Cascading to URL Filtering.
To add a rule, follow the instructions below.
- Go to Policy > Web > URL & Cloud App Control.
- Do one of the following:
- Add a rule from scratch OR
- Copy an existing rule
- Enter the URL Filtering Rule attributes.
- Rule Order: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule’s place in the order. You can change the value, but if you’ve enabled Admin Rank, your assigned admin rank determines the Rule Order values you can select.
- Rule Name: Enter a unique name for the URL Filtering rule or use the default name.
- Admin Rank: Enter a value from 1-7 (1 is the highest rank). Your assigned admin rank determines the values you can select. You cannot select a rank that is higher than your own. The rule’s Admin Rank determines the value you can select in Rule Order, so that a rule with a higher Admin Rank always precedes a rule with a lower Admin Rank.
- Status: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
- Define the Criteria. You can either choose from the list or add an item.
- URL Categories: Select Any to apply the rule to all URL categories, or select any number of URL super-categories and/or categories. You can also search for categories or click the Add icon to add a new custom category.
- HTTP Requests: Select All to apply the rule to all HTTP requests, or select Post to apply the rule only to HTTP POST requests (for example, only if users try to post on social media sites or send emails through webmail).
- Users: Select Any to apply the rule to all users, or select up to 4 users under General Users. If you've enabled the unauthenticated users policy, you can select Special Users to apply this rule to all unauthenticated users, or select specific types of unauthenticated users. You can search for users or click the Add icon to add a new user.
- Groups: Select Any to apply the rule to all groups, or select up to 8 groups. You can search for groups or click the Add icon to add a new group.
- Departments: Select Any to apply the rule to all departments, or select any number of departments. If you've enabled the unauthenticated users policy, you can select Special Departments to apply this rule to all unauthenticated transactions. You can search for departments or click the Add icon to add a new department.
- Locations: Select Any to apply the rule to all locations, or select up to 8 locations. You can also search for a location or click the Add icon to add a new location. To apply this rule to unauthenticated traffic, the rule must apply to all locations.
- Time: Select Always to apply this rule to all time intervals, or select up to two time intervals. You can also search for a time interval or click the Add icon to add a new time interval.
- Select the Action for the rule.
- Click Save to exit the dialog and activate the change. After saving, you can edit or delete rules at any time as necessary.
For information on the order in which the service enforces all policies, including this policy, see How does the Zscaler service enforce policies?