URL reputation score

The URL Categorization feature provides policy-based control to restrict blacklisted URLs. You can control access to websites based on URL category, reputation score, or both URL category and reputation score. If network administrators observe a user accessing highly risky websites, they can bind a responder policy to the URL reputation score to block such websites.

Upon receiving an incoming URL request, the appliance retrieves the category and reputation score from the URL categorization database. Based on the reputation score returned by the database, the appliance assigns a reputation rating to the website. The rating ranges from 1 to 4, where 4 is the riskiest type of website, as shown in the following table.

| URL Reputation Rating | Reputation Comment |
|---|---|
| 1 | Clean site |
| 2 | Unknown site |
| 3 | Potentially dangerous or affiliated to a dangerous site |
| 4 | Malicious site |

Use Case: Filtering by URL reputation score

Consider an enterprise organization with a network administrator monitoring user transactions and network bandwidth consumption. If malware can enter the network, the administrator must strengthen data security and control users' access to malicious and dangerous websites. To protect the network against such threats, the administrator can configure the URL filtering feature to allow or deny access by URL reputation score.

For more information about monitoring outbound traffic and user activities on the network, see Analytics.

If an employee of the organization tries to access a social networking website, the ADC appliance receives a URL request. It queries the URL Categorization database and retrieves the URL category, social networking, and a reputation score of 3, which indicates a potentially dangerous website. The appliance then checks the security policy configured by the administrator, such as blocking access to sites with a reputation rating of 3 or more. It then applies the policy action to control access to the website.

To implement this feature, you must configure the URL reputation score and security threshold levels by using the SSL Forward Proxy wizard.

Configure reputation score by using the GUI

Citrix recommends that you use the SSL forward proxy wizard to configure the reputation score and security levels. Based on the configured threshold, you can select a policy action to allow, block, or redirect traffic.

  1. Navigate to Security > SSL Forward Proxy.
  2. In the details pane, click SSL Forward Proxy Wizard.
  3. In the details page, specify the proxy server settings.
  4. Click Continue to specify other settings such as SSL interception and identity management.
  5. Click Continue to access the Security Configuration section.
  6. In the Security Configuration section, select the Reputation Score check box to control access based on URL reputation score.
  7. Select the security level and specify the reputation score threshold value:
    1. Greater than or equals to: Allow or block a website if the threshold value is greater than or equal to N, where N ranges from one to four.
    2. Less than or equals to: Allow or block a website if the threshold value is less than or equal to N, where N ranges from one to four.
    3. In between: Allow or block a website if the threshold value is between N1 and N2 and the range is from one to four.
  8. Select a responder action from the drop-down list.
  9. Click Continue and Close.
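
The threshold operators from step 7, applied to the rating table and the use case above, as an added example that is not Citrix code or ADC policy syntax. The function names, the inclusive reading of "In between", and the default of allowing traffic that does not match the rule are assumptions made for illustration.

```python
# Added illustration: models the wizard's three threshold operators over the
# page's 1-4 reputation ratings. All names are hypothetical, not ADC syntax.
RATINGS = {
    1: "Clean site",
    2: "Unknown site",
    3: "Potentially dangerous or affiliated to a dangerous site",
    4: "Malicious site",
}

def matches(rating, operator, n1, n2=None):
    """Return True if a rating satisfies the configured threshold."""
    for n in (rating, n1) + (() if n2 is None else (n2,)):
        if n not in RATINGS:
            raise ValueError(f"value {n!r} is outside the 1-4 rating range")
    if operator == "ge":          # Greater than or equals to
        return rating >= n1
    if operator == "le":          # Less than or equals to
        return rating <= n1
    if operator == "between":     # In between (assumed inclusive)
        if n2 is None or n1 > n2:
            raise ValueError("'between' needs N1 <= N2")
        return n1 <= rating <= n2
    raise ValueError(f"unknown operator {operator!r}")

def coverage(operator, n1, n2=None, action="block"):
    """Map every rating to the outcome it receives under one threshold rule.
    Assumption: traffic that does not match the rule is allowed."""
    return {r: (action if matches(r, operator, n1, n2) else "allow")
            for r in RATINGS}

def review(operator, n1, n2=None, action="block"):
    """List rule outcomes an administrator would want to double-check."""
    result = coverage(operator, n1, n2, action)
    findings = []
    if result[4] == "allow":
        findings.append("malicious sites (4) are allowed")
    if result[3] == "allow":
        findings.append("potentially dangerous sites (3) are allowed")
    if result[1] != "allow":
        findings.append(f"clean sites (1) receive '{action}'")
    return findings

if __name__ == "__main__":
    # The page's use case: block sites with a reputation rating of 3 or more.
    for rating, outcome in coverage("ge", 3).items():
        print(rating, RATINGS[rating], "->", outcome)
    # Constructed mistake: "less than or equals to" chosen for a block rule.
    print(review("le", 2))
```

Under the use-case rule, rating 2 (Unknown site) still passes, so the coverage map is worth reading before choosing the threshold.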

The following image shows the Security Configuration section on the SSL Forward Proxy wizard. Enable the URL Reputation Score option to configure the policy settings.

[Image: URL reputation score]