ADC

Getting Started

September 14, 2021

Contributed by:

S S C

To prevent access to restricted websites, a Citrix ADC appliance uses a specialized URL matching algorithm. The algorithm uses a URL set that can contain a list of URLs up to 1 million (1,000,000) blacklisted entries. Each entry can include metadata that defines URL categories and category groups as indexed patterns. The appliance can also periodically download URLs of highly sensitive URL sets managed by internet enforcement agencies (with government websites) or internet organizations. Once the URL set is downloaded from a website and imported into the appliance, the appliance encrypts the URL sets (as required by these agencies) and they are kept confidential and the entries are not tampered.

The Citrix ADC appliance uses advanced policies to determine whether an incoming URL must be blocked, allowed, or redirected. These policies use advanced expressions to evaluate incoming URLs against blacklisted entries. An entry can include metadata. For entries that have no metadata, you might want to use an expression that evaluates the URL based on an exact string match. For other URLs, you might want to use an expression that evaluates the URL’s metadata, in addition to an expression that checks for an exact string match.

Use Case for Safe Internet Access Policies for ISPs/Telcos

A URL set enables an ISP (ISP) or a Telco customer to enforce government mandated safe internet access policies such as:

Block access to illegal internet sites (child abuse, drugs, and so on)
Safe browsing for children

A Citrix ADC appliance enables you to periodically download URL sets managed by internet enforcement agencies or independent internet organizations. The appliance periodically downloads the list and updates it securely. The list is stored as confidential URL sets so that it is not tampered or human readable. The periodically downloaded URL set functions as a blacklisted set for URL evaluation purposes.

If you have a private URL set and the contents of the list are kept confidential and the network administrator does not know about the blacklisted URLs present in the list. To make sure the policy is configured correctly and the correct list is referenced, you must configure the Canary URL and add it to the URL set. Using the Canary URL, the administrator can request through the appliance uses the private URL set to ensure it is looked up for every URL request.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Getting Started

September 14, 2021

Contributed by:

S S C

September 14, 2021

Contributed by:

S S C

Getting Started

Use Case for Safe Internet Access Policies for ISPs/Telcos

In this article