URL reputation score
The URL Categorization feature provides policy-based control to restrict blacklisted URLs. You can control access to websites based on URL category, reputation score, or both URL category and reputation score. If a network administrator sees a user accessing highly risky websites, the administrator can use a responder policy bound to the URL reputation score to block such websites.
Upon receiving an incoming URL request, the appliance retrieves the category and reputation score from the URL categorization database. Based on the reputation score returned by the database, the appliance assigns a reputation rating to the website. The rating ranges from 1 to 4, where 4 is the riskiest type of website, as shown in the following table.
URL Reputation Rating | Reputation Comment |
---|---|
1 | Clean site |
2 | Unknown site |
3 | Potentially dangerous or affiliated to a dangerous site |
4 | Malicious site |
Use Case: Filtering by URL reputation score
Consider an enterprise organization with a network administrator monitoring user transactions and network bandwidth consumption. If malware can enter the network, the administrator must strengthen data security and control users' access to malicious and dangerous websites. To protect the network against such threats, the administrator can configure the URL filtering feature to allow or deny access by URL reputation score.
For more information about monitoring outbound traffic and user activities on the network, see SWG Analytics.
If an employee of the organization tries to access a social networking website, the SWG appliance receives a URL request and queries the URL Categorization database, which returns the URL category as social networking and a reputation score of 3, indicating a potentially dangerous website. The appliance then checks the security policy configured by the administrator, for example, block access to sites with a reputation rating of 3 or more. It then applies the policy action to control access to the website.
To implement this feature, you must configure the URL reputation score and security threshold levels by using the Citrix SWG Wizard.
Configuring reputation score by using the Citrix SWG GUI:
Citrix recommends that you use the Citrix SWG Wizard to configure the reputation score and security levels. Based on the configured threshold, you can select a policy action to allow, block or redirect traffic.
- Log on to the Citrix SWG appliance and navigate to Secure Web Gateway.
- In the details pane, click Secured Web Gateway Wizard.
- In the Secure Web Gateway Configuration page, specify the SWG proxy server settings.
- Click Continue to specify other settings such as SSL interception and identity management.
- Click Continue to access the Security Configuration section.
- In the Security Configuration section, select the Reputation Score checkbox to control access based on URL reputation score.
- Select the security level and specify the reputation score threshold value:
  - Greater than or equals to—Allow or block a website if its reputation score is greater than or equal to N, where N ranges from one to four.
  - Less than or equals to—Allow or block a website if its reputation score is less than or equal to N, where N ranges from one to four.
  - In between—Allow or block a website if its reputation score is between N1 and N2, where N1 and N2 range from one to four.
- Select a responder action from the drop-down list.
- Click Continue and Close.
The following image shows the Security Configuration section on the Citrix SWG Wizard. Enable the URL Reputation Score option to configure the policy settings.
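
The threshold options and the use case above, modeled as an added Python example (not Citrix code or appliance configuration). The mode names `gte`, `lte` and `between`, the inclusive bounds for In between, first-match ordering and the default action are assumptions, and the lookups are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

# Ratings from the table on this page.
RATINGS = {1: "Clean site", 2: "Unknown site",
           3: "Potentially dangerous or affiliated to a dangerous site",
           4: "Malicious site"}

@dataclass(frozen=True)
class ReputationRule:
    mode: str                 # "gte", "lte", "between": hypothetical names for the wizard options
    n1: int                   # threshold N (or lower bound N1)
    action: str               # "allow", "block" or "redirect"
    n2: Optional[int] = None  # upper bound N2, used only by "between"

    def __post_init__(self):
        if self.mode not in ("gte", "lte", "between") or self.action not in ("allow", "block", "redirect"):
            raise ValueError("unknown mode or action")
        bounds = (self.n1, self.n2) if self.mode == "between" else (self.n1,)
        if any(b not in RATINGS for b in bounds):
            raise ValueError("threshold must be an integer from 1 to 4")
        if self.mode == "between" and self.n1 > self.n2:
            raise ValueError("N1 must not exceed N2")

    def matches(self, score: int) -> bool:
        if self.mode == "gte":
            return score >= self.n1
        if self.mode == "lte":
            return score <= self.n1
        return self.n1 <= score <= self.n2  # assumption: both bounds inclusive

def decide(score: int, rules, default: str = "allow") -> str:
    # First matching rule wins; ordering and the default action are assumptions.
    if score not in RATINGS:
        raise ValueError("reputation rating outside 1..4")
    for rule in rules:
        if rule.matches(score):
            return rule.action
    return default

# Constructed lookups: (URL, category, reputation rating).
LOOKUPS = [("intranet.example/wiki", "Business", 1),
           ("social.example/feed", "Social Networking", 3),
           ("new-site.example/", "Uncategorized", 2),
           ("bad.example/payload", "Malware", 4)]
POLICY = [ReputationRule("gte", 3, "block")]  # the use case: block rating 3 or more
if __name__ == "__main__":
    for url, category, score in LOOKUPS:
        print(f"{url:24} {category:18} {score} ({RATINGS[score]}): {decide(score, POLICY)}")
```

With a `gte 3` rule, unknown sites (rating 2) fall through to the default action, so the choice of default decides how unrated destinations are treated.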