Full URL / IP Browser Filtering

Securing Your Systems Against Sophisticated Threats: An In-Depth Guide to Configuring and Managing Full URL and IP Browser Filtering

Setting Up Full URL Filtering

To activate and configure Full URL and IP Browser Filtering:

  1. Before you begin, ensure that you have the following prerequisites in place: the Windows Agent must be version 4.5.X.X or higher, and the CyberSight BI Browser Extension should be installed and enabled.
    1. Note: the macOS Agent is not currently supported.
  2. Navigate to Policies > Settings.
    1. Enable the checkbox for Full URL Filtering on the appropriate policy or policies.

Verifying Feature Activation

To ensure that Full URL Filtering is successfully activated on a device, you can perform the following checks:

  1. The Extensions modal directly in the browser
    1. Pin the Extension to the toolbar > Click the icon to check status
  2. Full URL Test Page
    1. Navigate to url.zorustech.com/blocked
      1. If Full URL Filtering is active, the user will be presented with the standard block page.
      2. If Full URL Filtering is not active, the user will be presented with a red error page.

Behavior of URL and IP Scanning

During a browser session, each full path URL, IP address, and download is scanned against the complete Policy. When a URL or IP is identified as safe and compliant with the Policy settings, it is stored locally for one hour. After this period, it undergoes another verification upon the next navigation.

Please note: scanning is not performed on pure DNS queries that have already been filtered by the agent, on entries listed in the Policy Website Allow list, or in the browser's Incognito mode, unless specified by a Group Policy Object (GPO).

WARNING! URL scanning may briefly display a blank redirection page, especially on slower connections.

  • URL Inspection:
    • Scans full URLs in real-time, including parameters, to detect malicious activity.
    • Detects hidden threats within trusted domains or subdomains.
    • Blocks malicious links before they are executed or downloaded.
  • IP Scanning:
    • Monitors and filters direct IP connections made in the Browser that bypass DNS.
    • Prevents unauthorized access and suspicious outbound traffic.
  • Content Downloads:
    • Analyzes downloads linked to URLs or IPs for malware and phishing indicators.
    • Blocks execution of harmful files.

Managing Full URL Blocks

Full URL blocks are prominently displayed in the Unblock Requests and Traffic Logs, making it easy to manage and review blocked site addresses.

Unblock Request 

The Unblock Request grid will display the reason specified by the Policy for the blocked site address, clearly labeled with the term "Full URL" in the Block Reason column.

Endpoint Traffic Logs

The Endpoint Traffic Logs will clearly display any blocked events with a red "Full URL Block" indicator. Hovering over this indicator will reveal the specific Policy Block Reason. Additionally, both reason codes will be available for export in CSV format. 

Granting Access to a Blocked Full URL

To grant access to a blocked full URL, you currently must permit the entire domain or subdomain. However, future updates are anticipated to enable the allowance of specific full URL paths within the policy.
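
The following is an added example, not code from the product or its vendor: a simplified Python model of the behavior described under "Behavior of URL and IP Scanning" (one-hour local storage of safe results, no scanning of Allow list entries) and of the whole-domain unblock described above. The class, function names, sample URLs, the is_safe policy check and the subdomain matching rule are assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

SAFE_TTL = 3600  # seconds; the page says safe results are stored for one hour


class FilterModel:
    """Simplified model of the documented behavior, not the product's code."""
    def __init__(self, is_safe, allow_hosts=(), clock=time.monotonic):
        self.is_safe = is_safe                # hypothetical policy check: URL -> bool
        self.allow_hosts = set(allow_hosts)   # Policy Website Allow list entries
        self.clock = clock
        self.safe_until = {}                  # full URL -> cache expiry time
        self.scans = 0

    def _allow_listed(self, host):
        # Assumption: an entry covers that host and every subdomain below it.
        return any(host == h or host.endswith("." + h) for h in self.allow_hosts)

    def navigate(self, url):
        host = (urlsplit(url).hostname or "").lower()
        if self._allow_listed(host):
            return "allowed: allow list, not scanned"
        now = self.clock()
        if self.safe_until.get(url, 0) > now:
            return "allowed: cached"
        self.scans += 1
        if self.is_safe(url):                 # only safe results are cached
            self.safe_until[url] = now + SAFE_TTL
            return "allowed: scanned"
        return "blocked: Full URL"


def demo():
    # Constructed sample URLs on a reserved test domain.
    report = "https://files.example.test/share?id=report"
    wanted = "https://files.example.test/share?id=installer"  # blocked, unblock requested
    other = "https://files.example.test/share?id=dropper"     # blocked, nobody asked for it
    now = [0.0]
    model = FilterModel(lambda u: u == report, clock=lambda: now[0])
    out = [model.navigate(report), model.navigate(report), model.navigate(wanted)]
    now[0] += SAFE_TTL + 1
    out.append(model.navigate(report))        # cache expired: scanned again
    model.allow_hosts.add("files.example.test")  # whole host is the only unblock option
    out += [model.navigate(wanted), model.navigate(other)]
    return out, model.scans

if __name__ == "__main__":
    print(demo())
```

In this model, allowing the host to unblock one URL also lets the second blocked URL on that host through without a scan, which is the trade-off of a domain-level allow entry.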