PDF of all topics related to URL Categories

Transcription

URL Categories Feature
PacketShaper 11.5
Third Party Copyright Notices
© 2015 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE,
POLICYCENTER, PROXYAV, PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS
APPLIANCE, SEE EVERYTHING. KNOW EVERYTHING., SECURITY EMPOWERS BUSINESS, BLUETOUCH, the
Blue Coat shield, K9, and Solera Networks logos and other Blue Coat logos are registered trademarks or trademarks of Blue
Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of
a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the
trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective
owners. This document is for informational purposes only.
BLUE COAT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN
THIS DOCUMENT. BLUE COAT PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA
REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS,
REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN
OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND
REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES,
PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER
IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU.
Americas:
Blue Coat Systems, Inc.
384 Santa Trinita Ave.
Sunnyvale, CA 94085
Rest of the World:
Blue Coat Systems International SARL
3a Route des Arsenaux
1700 Fribourg, Switzerland
1/25/2016
URL Categories Overview
Web URLs can be grouped into various categories, such as social networking, gambling, pornography, news media, and
shopping. PacketShaper is able to analyze URLs that users are requesting, determine what category the website belongs
to, and classify the traffic into the appropriate category class. This gives you granular visibility into the type of web traffic on
your network. You can also use PacketShaper’s control capabilities to assign policies based on the category. For example,
you can assign a never-admit policy to all the category classes with adult content. For a complete list of the URL categories
PacketShaper can identify, see URL Categories.
The following steps and illustration describe PacketShaper's URL categorization and classification process. This process
assumes the WebPulse feature is enabled and the traffic tree has been configured for category classes (see Category
Classification below).
1. When a user requests a web page,
PacketShaper first looks in its in-memory URL
cache to see if it has already categorized the
URL. If it finds the URL in the cache, it jumps to
step 4. If not, it proceeds to step 2.
2. PacketShaper sends the URL to WebPulse, a
cloud-based service provided by Blue Coat that
(a) receives URL categorization requests and (b)
responds with the ID* of the category
associated with the URL.
3. This URL and its category ID are then stored in
the URL cache in the PacketShaper system
memory.
4. PacketShaper looks in the WebPulse map file
for the category name associated with the
URL’s category ID.
5. PacketShaper classifies the traffic into the
appropriate category class, and applies any
policy that might be assigned to the class.
* This example assumes the URL has a single category ID. However, WebPulse can assign up to four categories to a given
URL.
Note: In addition to the URL category, WebPulse looks up the web application and operation. See WebPulse
Overview for a description of the complete process.
3
WebPulse Express
With WebPulse Express, the URL database is stored locally (available on the PS-S500 appliance only). The following
steps and illustration describe the process for identifying URL categories when the URL database is on box.
PacketShaper first looks in its on-box URL
database for the URL.
2. If it finds the URL in the database, it jumps to
3. PacketShaper looks in its in-memory URL
caches to see if it has already identified the
URL. If it finds the URL in the cache, it
proceeds to step 4. If not, PacketShaper sends
the URL to the WebPulse cloud to identify the
URL category.The URL and its category ID is
stored in the URL cache in the PacketShaper
system memory.
4. PacketShaper looks in the WebPulse map files
for the category name associated with the
URL’s category ID.
appropriate class, and applies any policy that
might be assigned to the class.
Category Classification
Each HTTP request is categorized; this means a flow may jump across multiple classes during its lifetime. When a user
browses a website, such as cnn.com, the browser attempts to resolve all the embedded links on that site to make them
viewable; this could result in many class and category hits for a single website visit.
SSL traffic is categorized based on the domain in the common name field of the SSL certificate.
When URL categorization is enabled, you will have the ability to:
l
l
Create classes based on specific URL categories, and PacketShaper will then classify web traffic that
corresponds to each of these categories into the appropriate class.
Auto-discover category classes. Note that you cannot auto-discover category classes at the top level of the traffic
tree.
4
A traffic tree can have a mix of
category-based classes and webapplication classes. Web-application
classes are more specific than
category-based classes and will
naturally sort to the top of the traffic
tree, as shown on the tree to the left.
With a class tree that has both webapplication and category-based
classes, users can provide different
treatment to a specific web
application (such as Facebook) as
opposed to other traffic in its URL
category (Social Networking).
But what if you prefer Facebook to be classified into
the Social_Networking category class instead of
the Facebook web application class?
In situations where you don’t need special
treatment for a web application, you will want your
category classes to get the class hits, instead of
the web application classes. You can do this by
making the Categories class an exception, as
shown on the tree to the right. The exclamation
point (!) indicates the class was made an exception.
The WebPulse service can assign up to four categories to a given URL. For instance, a URL and its corresponding flow
could contain the following category IDs:
catids[1 (Adult/Mature Content), 6(Nudity), 4(Sex Education)]
When such a flow is sent through the class tree, a class hit will occur if any one of the four categories matches a category
defined in a class. This capability enables matching of nested categories within the class tree. For instance, if Farmville is
categorized as both Social Networking and Games it will hit the Games class in the following class tree:
Inbound
Social_Network
Games
Default
5
The above traffic tree would allow you to designate a different policy for social networking games than for other types of
social networking traffic.
WebPulse Interaction
Blue Coat WebPulse contains a database of over 15 million entries, manages 85+ categories across 50 languages, and
can return up to four categories per URL. URL categories are provided to the PacketShaper via requests to WebPulse
service points located across the globe. Each service point is periodically pinged in order to ensure that categories are
provided from the fastest service point.
When a user requests a URL (such as a brand new website) that has not already been categorized by WebPulse, the
WebPulse dynamic categorization service queries the target website and retrieves key pieces of the page's content and
context. After analyzing elements of the web pages, including the language used, the dynamic real time rating (DRTR)
service determines both a likely category and a confidence factor that the rating is correct. Note that the PacketShaper will
not hold up traffic during this process. In the rare event that the DRTR service does not yield a result with a high
confidence level, the category rating request for the particular page is labeled unknown.
PacketShaper includes support for DRTR requests of plain HTTP traffic, but not HTTPS since only domain level
information is available for SSL.
URL Cache
After WebPulse has looked up the category for a URL, PacketShaper stores the results in a URL cache in its system
memory. Since serving from the cache is faster and more efficient than querying WebPulse, PacketShaper will always
check the cache first before sending a query to WebPulse. WebPulse provides a “time to live” (TTL) for each
categorization response. The PacketShaper scales this TTL by a multiple of seven to improve its cache efficiency. For
instance, if the WebPulse service returns a TTL of one day for a particular URL, the PacketShaper will cache that URL
and its associated categories for seven days.
The maximum cache size and number of entries in the cache varies by PacketShaper model. See Configuration Limits in
PacketGuide.
The URL cache is stored in system memory, so the contents will be removed if the PacketShaper is reset or loses power.
To preserve the cache contents, PacketShaper automatically backs up the cache to the 9.1026/urlcat/cache folder every
24 hours (replacing the previous backup). After a PacketShaper reboot, the most recent URL cache backup is
automatically copied into system memory.
With WebPulse Express, the cache is used only if a URL is not in the on-box database and the URL needs to be looked up
in the WebPulse cloud.
Feature Limitations
The URL categorization feature has the following limitations:
l
l
Because the PacketShaper gives higher priority to flow delivery than to classification, it will never hold up flows to
wait for a response from WebPulse. Therefore, the first few packets of a flow may get classified into a web or
default class until WebPulse sends the URL category to the PacketShaper.
Packet processing takes precedence over URL categorization. If the PacketShaper is under load, category
requests may get queued, and some requests may be dropped.
6
l
Behavior for asymmetrically applied redirect policies is non-deterministic for URL category-based classes since
URL categorization is done out of path. Therefore, when applying never-admit policies with the redirect option, be
sure to apply the policy to the category classes in both directions (Inbound and Outbound).
7
WebPulse Overview
Blue Coat products such as PacketShaper are able to send URLs to the WebPulse cloud service or an on-box
URL database so that it can identify the URL category (social networking, gambling, pornography, news media, shopping,
etc.), web application (such as Facebook, Gmail, LinkedIn, Twitter, and Flickr), and operation (such as Download
Attachment, Play Video, and Send Email). PacketShaper can then use this information to classify the traffic into classes
based on the URL category, web application, or operation. By using WebPulse, PacketShaper can expand its
classification capabilities to include over 85 categories, 170 web applications, and 20 different web operations.
WebPulse contains a database of over 15 million entries and is growing every day. It provides URL identification to the
PacketShaper via requests to WebPulse service points located across the globe. Each service point is periodically pinged
in order to ensure that category, application, and operation IDs are provided from the fastest service point.
The following steps and illustration describe PacketShaper's process for identifying categories, web applications, and web
operations of URLs.
PacketShaper first looks in its in-memory URL
URL. If it finds the URL in the cache, it jumps to
2. PacketShaper sends the URL to WebPulse to
identify the category, web application, and
operation associated with the URL.
3. The URL and its IDs for category, web app, and
operation are stored in the URL cache in the
PacketShaper system memory.
for further information. For example, the
category map file contains the category name
associated with the URL’s category ID.
WebPulse Express
Caution: This feature is available only on PS-S500 appliances with 64GB of memory. See setup webpulse express.
With WebPulse Express, the URL database is stored locally (available on the PS-S500 appliance only). The following
steps and illustration describe the process for identifying categories, web applications, and operations of URLs when the
URL database is on box.
8
PacketShaper first looks in its on-box URL
database for the URL.
2. If it finds the URL in the database, it jumps to
3. PacketShaper looks in its in-memory URL
URL. If it finds the URL in the cache, it
proceeds to step 4. If not, PacketShaper sends
the URL to the WebPulse cloud to identify the
category, web application, and operation
associated with the URL.The URL and its IDs
for category, web app, and operation are stored
in the URL cache in the PacketShaper system
memory.
for further information. For example, the
category map file contains the category name
associated with the URL’s category ID.
URL Cache
After WebPulse has looked up a URL in its database in the cloud, PacketShaper stores the results in a URL cache in its
system memory. The URL and its category, web application, and operation IDs are stored in this cache. Since serving from
the cache is faster and more efficient than querying WebPulse, PacketShaper will always check the cache first before
sending a query to WebPulse. WebPulse provides a “time to live” (TTL) for each URL response. The PacketShaper scales
this TTL by a multiple of seven to improve its cache efficiency. For instance, if the WebPulse service returns a TTL of one
day for a particular URL, the PacketShaper will cache that URL and its associated IDs for seven days.
The maximum cache size and number of entries in the cache varies by PacketShaper model. See Configuration Limits in
PacketGuide.
The URL cache is stored in system memory, so the contents will be removed if the PacketShaper is reset or loses power.
To preserve the cache contents, PacketShaper automatically backs up the cache to the 9.1026/urlcat/cache/ folder every
24 hours (replacing the previous backup). After a PacketShaper reboot, the most recent URL cache backup is automatically
copied into system memory.
If WebPulse is disabled, PacketShaper does not look up URLs in the WebPulse cloud or in the URL cache.
With WebPulse Express, the cache is used only if a URL is not in the on-box database and the URL needs to be looked up
in the WebPulse cloud.
9
Monitoring WebPulse-Related Traffic
If you want to monitor or control WebPulse query traffic, you can create a class based on the WebPulse service. There are
two ways to do this:
l
Manually create a WebPulse child class of the Localhost classes.
or
l
Turn on class discovery for the Localhost classes. (Localhost represents PacketShaper management traffic.)
Note: If there are other Blue Coat products on your network that are using the WebPulse service (such as ProxySG
or ProxyClient), these WebPulse queries are classified into a WebPulse class at the root (not Localhost). The
Localhost/WebPulse class classifies only PacketShaper queries to WebPulse.
WebPulse Deployment Requirements
WebPulse has the following deployment requirements:
l
l
l
The PacketShaper must have Internet access to connect to the WebPulse service.
A DNS server must be configured on the PacketShaper.
If you want to secure access to the outside interface, do not use the secure option because WebPulse requires
access to a number of outside web servers. Instead, use the list security option and add the IP addresses of the
following servers to the exception list:
l
WebPulse service points (Use the setup webpulse show service CLI command to see the IP addresses
of the servers; add the one or two fastest servers.)
l
WebPulse map update server (sitereview.bluecoat.com)
l
support update server (updates.bluecoat.com)
l
heartbeat server (hb.bluecoat.com)
Note: To find the IP address associated with each of these servers, use the nslookup command (such as
the dns lookup CLI command).
l
WebPulse Express requires a PS-S500 with 64 GB of RAM and a WebPulse Express subscription.
10
Create a Category-Based Traffic Tree
Instructions for detecting and organizing the URL categories running on your network
There are several different ways to structure a traffic tree that classifies URL categories, depending on what your goals are.
Select your desired goal to read the steps for creating the corresponding tree:
l
Goal 1: You want to find out which categories users are accessing.
l
Goal 2: You are interested in monitoring (and perhaps blocking) traffic from specific categories.
l
Goal 3: You want to treat secure and unsecure traffic for a specific category differently.
l
Goal 4: You are not so much interested in monitoring/controlling specific categories as you are in types of
categories.
For more information about how PacketShaper classifies URL categories, see URL Category Overview.
11
Create a Category-Based Traffic Tree:
to Find Out Which Categories Users are Accessing
This traffic tree is built using PacketShaper's auto-discovery feature. However, unlike services, categories are not autodiscovered in the root directory of the traffic tree—you need to create a class with an "all categories" matching rule and turn
on discovery for the class. As web traffic appears on your network, PacketShaper will automatically create category
classes under the Categories class. Other types of traffic will be auto-discovered as service-based or port-based classes.
To create a traffic tree that auto-discoveries categories
and services:
1. Decide which categories you are interested in
analyzing. By default, PacketShaper discovers
category classes for all categories it sees, but
you can filter which categories get autodiscovered.
2. Create an "all categories" class, turn on class
discovery, and make this an exception class.
For details, see "Auto-Discover Category
Classes" (in Sky, Advanced UI).
3. Make sure WebPulse and global traffic
discovery are enabled.
4. Allow some time to pass to see what categories
are discovered on your network. These
categories will appear in the traffic tree as child
classes of the "all categories" class.
5. View a graph of top ten categories to see which
categories are using the most bandwidth.
6. Look at the Monitor screen (Advanced UI) or
Traffic Management tab (Sky) to see current
utilization statistics on the various categories.
Select Categories to be Discovered
If you only care about monitoring and controlling some of the URL categories, you can turn off the auto-discovery of the
categories you are not interested in. By doing so, you will not clutter your traffic tree with classes you don't care about. By
default, discovery is enabled for all categories.
To select categories to be auto-discovered:
1. Click the Setup tab.
2. Choose the WebPulse setup page.
12
3. Click the
next to Configure URL Category Discovery. The categories are listed.
4. In the Configure URL Category Discovery table, hold down Ctrl and click each category you do not want to discover; then
click off.
or
If you want to discover only a few categories, click all off to set discovery off for all categories. Then select the categories
you do want to discover and click on.
5. Click apply changes.
Additional Information
l
l
Even when you have turned off discovery for a category, you can still create a class based on this category and
PacketShaper will classify traffic into the category.
By default, PacketShaper auto-discovers category classes after it sees one flow for the category in a one-minute
time interval. This threshold is user configurable via the URL Categories system variable. See Adjust System
Variables in PacketGuide.
13
Auto-Discover Category Classes
To auto-discover category classes, you need to create an "all categories" class, turn on class discovery, and make sure
global traffic discovery is enabled. If you also want to auto-discover service-based classes, you should make the "all
categories" class an exception so that it appears at the top of the traffic tree and web traffic will get classified into the
category class instead of the web-based classes (such as HTTP, SSL, or HTTP-Tunnel).
To auto-discover category classes:
1. In Inbound, create a class named Categories, and select All Categories for URL Category.
2. Select Exception and enable Traffic Discovery within Class. Click apply changes.
3. Repeat steps 1 and 2 for Outbound (or copy the class).
4. Make sure WebPulse and global traffic discovery are enabled.
As web traffic appears on your network, PacketShaper will create category classes under the Categories class. For
example:
Categories
Business_Economy
Chat_Instant_Messaging
Computers_Internet
Content_Servers
Email
Financial_Services
Shopping
Social_Networking
Default
Auto-Discover Category Classes in Blue Coat Sky
To auto-discover category classes, you need to create an "all categories" class, turn on class discovery, and make sure
global traffic discovery is enabled. If you also want to auto-discover service-based classes, you should make the "all
categories" class an exception so that it appears at the top of the traffic tree and web traffic will get classified into the
category class instead of the web-based classes (such as HTTP, SSL, or HTTP-Tunnel).
To auto-discover category classes:
1. In the Root(/), create a simple-match class named Categories.
2. For Direction, select Both.
3. Select Exception.
4. Enable Auto-Discovery in Class.
5. For the Simple Match Type, select URL Category, and select All Categories from the drop-down list.
14
6. Click Apply.
As web traffic appears on your network, PacketShaper will create category classes under the Categories class. For
example:
Categories
Business_Economy
Computers_Internet
Content_Servers
Email
Financial_Services
Shopping
Social_Networking
Default
Note: By default, PacketShaper auto-discovers category classes after it sees one flow for the category in a oneminute time interval. This threshold is user configurable via the URL Categories system variable. See Adjust
System Variables in PacketGuide.
Configure WebPulse
WebPulse is a service provided by Blue Coat that receives URL identification requests and responds with the IDs of the
category, application, and/or operation associated with the URL. When WebPulse is enabled, you will have the ability to:
l
l
create classes based on specific URL categories, and PacketShaper will then classify web traffic that corresponds
to each of these categories into the appropriate class
auto-discover category classes (you must first create an "all categories" class and enable class discovery)
15
l
l
create classes based on specific web applications and operations
auto-discover web application classes
The WebPulse URL database is either in the cloud or stored locally on the appliance. Note that the option for a locally
stored database is available only on PS-S500 appliances using WebPulse Express (see setup webpulse express).
To configure WebPulse:
1. Click the Setup tab.
2. Choose the WebPulse setup page.
3. For WebPulse, select on.
4. (Optional) . Select which categories you want to auto-discover.
l
l
l
time interval. This threshold is user configurable via the URL Categories system variable.
If you have secured the PacketShaper's outside interface, the WebPulse feature requires that you add the following
servers to the exception list: the fastest WebPulse service points (use the setup webpulse show service CLI
command to find the IP addresses), the WebPulse map update server (sitereview.bluecoat.com), and the support
update server (updates.bluecoat.com).
Although you can create URL category and web application classes when WebPulse is disabled, there won't be
any classification into these classes until you enable WebPulse.
16
l
If WebPulse is disabled, PacketShaper does not look up URLs in the WebPulse cloud, in the URL cache, or in the
WebPulse Express local database.
Enable/Disable Traffic Discovery
When traffic discovery is enabled, PacketShaper automatically creates traffic classes based on the service types it
detects. When traffic discovery is disabled, traffic classes are not autodiscovered.
To turn traffic discovery on or off:
1. Click the Setup tab. The Basic Settings screen is automatically displayed in the Setup window.
2. In the Traffic Discovery field, select on to enable discovery or off to disable.
3. Click apply changes to update the settings.
Create Top 10 Categories Graph
Depending how your category classes are structured in your traffic tree, you may be able to create a graph of your top ten
17
categories. If your category classes were auto-discovered or manually created under a single class (such as HTTP or a
class with an "all categories" matching rule), you can create a Top 10 Children Classes graph of the parent class to see
which categories are generating the most traffic on your network. For example, if you auto-discovered categories under an
"all categories" class, you can select this parent class and graph its top ten children.
To create a top 10 categories graph:
1. Click the Monitor tab in the Advanced UI.
2. Click the
appears.
icon next to the class that is the parent of the category classes. The Statistics:Reports screen
18
3. For Graph Type, select Top 10 Children Classes.
4. Click create report to display the graph with the default time period (last hour).
or
Specify the period you want to graph:
l
Enter a number in the Period column and select the units (hour, day, week, or month).
l
Select an end date for the graph. The default end date is now (the current date).
l
Select an end time for each graph. The default time is now (the current time).
l
Click create report to view the graph.
19
to Manage Traffic from Specific Categories
To build this type of traffic tree, you manually create classes for just the categories you want to manage. If you want to
apply the same controls to multiple categories (for instance, apply a never‐admit policy to all categories containing adult
related content), you can create a single class (Adult_Content) and add matching rules for each category. This technique
is also useful to consolidate classes in situations where your PacketShaper is reaching its maximum class limit.
To create a traffic tree to monitor and control specific
URL categories:
1. Create a class for the category you want to
monitor.
or
Create a class for multiple categories.
2. (Optional) Make this an exception class.
Note: When a category class is created
in the root, you will usually want to make
it an exception class to make sure the
web traffic gets classified into the
category class instead of in servicebased classes (such as HTTP,
Facebook, MySpace, or other services
that use HTTP as a transport).
3. (Optional) Apply a policy to the category class.
See Block a URL Category if you want to block
access to the websites in the categories
defined in the class.
Tip: In Blue Coat Sky, you can select
multiple classes and apply the same
policy to them.
4. Repeat the above steps for other category
classes you want to analyze.
5. Make sure WebPulse is enabled.
6. Enable global traffic discovery if you want to
auto-discover service-based and port-based
classes.
20
Note: Another way to build this type of traffic tree is to auto-discover just the categories you are interested in. By
default, PacketShaper discovers category classes for all categories it sees, but you can filter which categories get
auto-discovered.
Create a Category-Based Class
You can manually create classes for any of the 70+ categories PacketShaper can classify. Alternatively, you can have
PacketShaper auto-discover the categories.
To create a category-based class:
1. Click the Manage tab.
2. In the left window pane, select the class or folder (such as Inbound or HTTP) that will be the parent of the class you are
about to define.
3. Click class and select add. The New Traffic Class screen appears.
4. In the Name field, type a descriptive name (up to 31 characters; hyphens, underscores, and periods are acceptable).
5. To classify by a particular URL category, choose the URL Category from the drop-down list.
21
To create a class that discovers child classes for URL categories, choose All Categories, and then turn on class
discovery.
6. Click add class.
7. (Optional) Select Exception and click apply changes.
Note: When a category class is created in the root, you will usually want to make it an exception class to make sure
the web traffic gets classified into the category class instead of in service-based classes (such as HTTP,
Facebook, MySpace, or other services that use HTTP as a transport).
Turn on Traffic Discovery for an Individual Class
Certain classes such as PVC, VLAN, subnet, Citrix, DICOM, Oracle, PostgreSQL, RTCP, and RTP classes can be more
specifically classified. For these types of classes, you can choose to enable traffic discovery within the class. If you turn
on traffic discovery:
22
l
l
l
l
l
l
for a subnet class (such as Marketing or Engineering), PacketShaper will discover all the traffic running on the subnet
and create child classes for these services.
for Oracle and PostgreSQL classes, PacketShaper will create child classes for each database that is discovered.
for Citrix classes, PacketShaper will create child classes by published application.
for DICOM classes, PacketShaper will automatically discover DICOM client or server applications.
for RTP and RTCP classes, PacketShaper will automatically create child classes by encoding name (codec). Or, if
you rather sub-classify RTP traffic by user agent, you can enable the enableVoIPUseragentAutoDiscovery system
variable.
for ProxySG-ADN classes, PacketShaper will automatically create child classes for applications or ports used in the
ADN tunnel.
Traffic discovery cannot be enabled within some classes because the auto-discovery process cannot categorize those
traffic types in any greater detail. For example, a class that matches on IPX cannot be further auto-classified.
In order for class discovery to work, you must have traffic discovery enabled. If discovery is enabled for a class, but is
turned off for the unit, new classes will not be discovered. See Enable/Disable Traffic Discovery.
To turn on traffic discovery for a specific traffic class:
1. Click the Manage tab on the navigation bar. The Traffic Class window appears.
2. Select the class name In the left window pane. The class' details appear in the Traffic Class window.
3. Locate the Traffic Discovery within Class option.
23
Note: If "Not Available" appears next to Traffic Discovery within Class, the selected class cannot be classified in
any greater detail.
4. Select the Enabled checkbox.
Create a Category-Based Class in Blue Coat Sky
You can manually create classes for any of the 70+ categories PacketShaper can classify. Alternatively, you can have
PacketShaper auto-discover the categories.
To create a category-based class:
1. Click the Traffic Management tab. The class tree appears in the upper pane.
2. In the class tree, select the parent class for your new class (such as Root).
3. Click the Policy Manager
icon. The Policy Manager appears in the lower pane.
4. Select the Class Operations tab.
5. Click Add Class.
6. In the Name field, type a name for the category class (up to 31 characters; hyphens, underscores, and periods are
acceptable).
7. For Direction, select Both.
24
8. (Optional) Select Exception.
Note: When a category class is created in the root, you will usually want to make it an exception class
to make sure the web traffic gets classified into the category class instead of in service-based classes
(such as HTTP, Facebook, MySpace, or other services that use HTTP as a transport).
9. For the Simple Match Type, select URL Category, and select the category name from the drop-down list.
10. Click Apply.
Create a Class for Multiple Categories
If you want to apply the same controls to multiple categories (for instance, apply a never-admit policy to all categories
containing adult related content), you can create a single class (Adult_Content) and add matching rules for each category.
This technique is also useful to consolidate classes in situations where your PacketShaper is reaching its maximum class
limit.
To create a class that matches web traffic from multiple categories:
1. In Inbound, create a class that describes the type of traffic (for example, Adult_Content), and choose the first URL
Category (such as Pornography) from the drop-down list. Click add class .
2. (Optional) Select Exception and click apply changes.
Note: When a category class is created in the root, you will usually want to make it an exception class to make sure
the web traffic gets classified into the category class instead of in service-based classes (such as HTTP, Facebook,
MySpace, or other services that use HTTP as a transport).
3. Add a URL category matching rule for each category associated with the class.
4. Repeat steps 1 and 2 for Outbound (or copy the class).
Create a Class for Multiple Categories in Blue Coat Sky
If you want to apply the same controls to multiple categories (for instance, apply a never-admit policy to all categories
25
containing adult related content), you can create a single class (Adult_Content) and add matching rules for each category.
This technique is also useful to consolidate classes in situations where your PacketShaper is reaching its maximum class
limit.
To create a class that matches web traffic from multiple categories:
1. In the Root of the class tree, create a class that describes the type of traffic (for example, Adult_Content), and choose
the first URL Category (such as Pornography) from the drop-down list.
2. Select Exception, and click Apply.
Note: When a category class is created in the root, you will usually want to make it an exception
class to make sure the web traffic gets classified into the category class instead of in service-based
classes (such as HTTP, Facebook, MySpace, or other services that use HTTP as a transport).
3. Add a URL category matching rule for each category associated with the class.
Block a URL Category
Instructions to prevent users from accessing all websites from a particular URL category
Note: Because PacketShaper gives higher priority to flow delivery and packet processing than to URL
categorization, the never‐admit policy cannot be used as a comprehensive content filtering feature; it's possible
that some requests for websites in blocked categories may not actually get blocked. For a more robust content
filtering solution, you would want to add a ProxySG to your deployment.
Steps:
1. Create a traffic class for the URL category you want to block, if one does not already exist. For example, to block
user attempts to view porn sites, create a class called Pornography and identify the Pornography category.
or
26
Create a class that classifies multiple categories of similar content (such as all the categories that contain adult
content).
2. Decide if you want to redirect the user to an alternate web page that appears when a category is blocked. For
example, this web page might explain the company's web-access policy. If you want to do this, make note of the
URL of the alternate web page; you will enter this URL in the next step.
3. Set a never-admit policy on your traffic class to block the traffic:
To redirect users to a web page, set a never-admit policy on your class using the web-redirect option and specify
the alternate URL.
To block traffic without redirection, set a never-admit policy on your class using the web-refuse option.
4. (Advanced UI only) Repeat the above steps for the Outbound direction.
Note: Blue Coat Sky has the option to create classes in both directions, eliminating the need to repeat the
steps.
5. Make sure shaping is enabled.
27
to Treat Secure and Unsecure URL Categories Differently
As with the tree in Goal 1, this type of traffic tree is also built using PacketShaper's auto-discovery feature. However,
instead of discovering the categories under an "all categories" class, you auto‐discover categories under web‐based
classes. This technique allows you to have different controls for categories depending on the type of web service so that
you can create different policies for categories that are secure web traffic versus unsecure. For example, you can as block
unsecure financial web (HTTP) traffic, but allow secure (SSL) financial traffic. You can do this for any service that uses
HTTP or HTTPS as its transport, such as HTTP, SSL, and HTTP‐Tunnel.
After you have configured this type of traffic tree, PacketShaper will automatically create category classes under the webbased classes as web traffic appears on your network. Other types of traffic will be auto-discovered as service-based or
port-based classes.
To create a traffic tree that auto-discovers categories
under web-based classes:
1. Enable class discovery on your web-based
classes.
2. (Optional) Make this an exception class.
Note: You will usually want to make this
an exception class to make sure the web
traffic gets classified into the this class
instead of in service-based classes
(such as Facebook, MySpace, or other
services that use HTTP as a transport).
3. Make sure WebPulse and global traffic
discovery are enabled.
4. (Optional) To apply different controls to secure
and unsecure URL categories, assign the
desired policies to the HTTP/Default,
SSL/Default, and HTTP-Tunnel/Default
classes.
or
Assign policies to the individual categories
within each web-based class. For example, you
can apply a never-admit policy to
HTTP/Shopping and no policy to
SSL/Shopping.
28
Discover Categories under Web-Based Classes
As an alternative to creating an "all categories" class to auto-discover category classes, you can turn on class discovery for
web-based classes (such as HTTP, SSL, HTTP-Tunnel). This technique allows you to have different controls for categories
depending on the type of web service. For example, you can create different policies for categories that are secure web
traffic versus unsecure.
Although you can auto-discover categories for any web-based service that uses HTTP or HTTPS as transport, Blue Coat
recommends that you limit this feature to HTTP, SSL, and HTTP-Tunnel.
To discover categories under web-based classes:
1. If your Inbound traffic tree doesn't already have classes for HTTP, SSL, and HTTP-Tunnel, create classes for these
services.
2. Select Exception and enable Traffic Discovery within Class. Click apply changes.
3. Repeat steps 1 and 2 for Outbound (or copy the classes using the copy class and children option).
As web traffic appears on your network, PacketShaper will create category classes under HTTP, SSL, and HTTP-Tunnel.
For example:
HTTP
Business_Economy
Computers_Internet
Content_Servers
Email
Financial_Services
Shopping
Social_Networking
Default
SSL
Brokerage_Trading
Content_Servers
Default
Note: For category classes to be discovered under an HTTP class, the HTTP class cannot have any criteria (such
as host, URL, content type, or user agent) defined.
Discover Categories Under Web-Based Classes in Blue Coat
Sky
As an alternative to creating an "all categories" class to auto-discover category classes, you can turn on class discovery for
29
web-based classes (such as HTTP, SSL, HTTP-Tunnel). This technique allows you to have different controls for
categories depending on the type of web service. For example, you can create different policies for categories that are
secure web traffic versus unsecure.
Although you can auto-discover categories for any web-based service that uses HTTP or HTTPS as transport, Blue Coat
recommends that you limit this feature to HTTP, SSL, and HTTP-Tunnel.
To discover categories under web-based classes:
1. If your class tree doesn't already have classes for HTTP, SSL, and HTTP-Tunnel, create classes for these services.
2. Select Exception and enable Auto-Discovery in Class for these classes.
As web traffic appears on your network, PacketShaper will create category classes under HTTP, SSL, and HTTP-Tunnel.
For example:
HTTP
Business_Economy
Computers_Internet
Content_Servers
Email
Financial_Services
Shopping
Social_Networking
Default
SSL
Brokerage_Trading
Content_Servers
Default
l
l
For category classes to be discovered under an HTTP class, the HTTP class cannot have any criteria (such as
host, URL, content type, or user agent) defined.
time interval. This threshold is user configurable via the URL Categories system variable. See Adjust System
Variables in PacketGuide.
30
to Manage Types of URL Categories
The 70+ URL categories can be grouped into 14 category types, such as Adult Related, Social Interaction, Security
Concern, Multimedia, and Leisure. For a complete list of the categories within each type, see URL Categories. If you are
more concerned about controlling specific category types than the individual categories, you can create a traffic tree with
category-type classes. This type of tree requires that you manually create a class with a matching rule for each URL
category in the category type. For example, to create a class for the Liability Concern category type, you would add
category-based matching rules for Gambling, Illegal Drugs, Illegal/Questionable, Violence/Hate/Racism, and Weapons
categories. You can then control the Liability Concern categories with a single policy.
To create a traffic tree based on category types:
1. Identify which category types you are interested
in monitoring and/or controlling. Refer to the
URL Categories list.
2. For each category type, create a class that has
a matching rule for each URL category in the
type.
3. Make the class an exception class.
Note: When a category class is created
in the root, you will usually want to make
it an exception class to make sure the
web traffic gets classified into the
category class instead of in servicebased classes (such as HTTP,
Facebook, MySpace, or other services
that use HTTP as a transport).
5. (Optional) Assign appropriate policies to the
category-type classes you want to control. To
block access to websites in a category type,
refer to Block a URL Category.
31
URL Categories
The following category map (catmap) table lists the categories that PacketShaper can identify and classify in
PacketShaper 11.5. The categories are grouped into 17 types, such as adult related, commerce, communication, and so
forth. Note that categories periodically change (approximately every 18 months) and your category database will
automatically update when this happens. These changes may not be reflected in the documentation, however.
ID
Category Name
Description
Example URLs
Adult-Related Categories
1
Adult/Mature Content
Sites that contain material of adult
humorbomb.com
nature that does not necessarily contain landoverbaptist.org
excessive violence, sexual content, or
punchbaby.com
nudity. These sites include very profane
or vulgar content and sites that are not
appropriate for children.
93
Sexual Expression
Sites that provide information, promote, dailydiapers.com
or cater to alternative sexual
tigerden.com
expressions in their myriad forms.
ncsfreedom.org
Includes but is not limited to the full
range of non-traditional sexual
practices, interests, orientations or
fetishes. This category does not include
sites that are sexually gratuitous in
nature which would typically fall under
the Pornography category, nor does it
include lesbian, gay, bi-sexual,
transgender or any sites which speak to
one's sexual identity.
26
Child Pornography
Sites that include a visual depiction of a
minor engaging in sexually explicit
conduct.
32
ID
Category Name
Description
Example URLs
7
Extreme
Sites that are extreme in nature and are
not suitable for general consumption.
Includes sites that revel and glorify in
gore, human or animal suffering,
scatological or other aberrant
behaviors, perversities or
debaucheries. It includes visual or
written depictions deemed to be of an
unusually horrific nature. These are
salacious sites bereft of historical
context, educational value or artistic
merit created solely to debase,
dehumanize or shock. Examples would
include necrophilia, cannibalism, scat
and amputee fetish sites.
5
Intimate Apparel/Swimsuit Sites that contain images or offer the
victoriassecret.com
sale of swimsuits or intimate apparel or
fredericks.com
other types of suggestive clothing. Does
not include sites selling undergarments
as a subsection of other products
offered.
6
Nudity
Sites containing nude or seminude
bodyscapes.com
depictions of the human body. These
nudistnews.com
depictions are not necessarily sexual in
intent or effect, but may include sites
containing nude paintings or photo
galleries of artistic nature. This category
also includes nudist or naturist sites that
contain pictures of nude individuals.
50
Mixed Content/Potentially
Adult
Sites with generally non-offensive
content but that also have potentially
objectionable content such as adult or
pornographic material that is not
organized so that it can be classified
separately. Sites that explicitly exclude
offensive content are not included in this
category.
istockphoto.com
images.search.yahoo.com
video.google.com
youtube.com
fotosearch.com
imageshack.us
metacafe.com
imagebam.com
break.com
3
Pornography
Sites that contain sexually explicit
material for the purpose of arousing a
sexual or prurient interest.
playboy.com
33
ID
Category Name
Description
Example URLs
4
Sex Education
Sites that provide information
scarleteen.com
(sometimes graphic) on reproduction,
sexual development, safe sex practices, viagra.com
sexuality, birth control, tips for better
sex, and sexual enhancement products.
Commerce Categories
59
Auctions
Sites that support the offering and
purchasing of goods between
individuals. Does not include classified
advertisements.
32
Brokerage/Trading
Sites that provide or advertise trading of ameritrade.com
securities and management of
etrade.com
investment assets (online or offline).
Also includes insurance sites, as well as
sites that offer financial investment
strategies, quotes, and news.
21
Business/Economy
Sites devoted to business firms,
ge.com
business information, economics,
sunbeam.com
marketing, business management and
entrepreneurship. This does not include
sites that perform services that are
defined in another category (such as
Information Technology companies, or
companies that sell travel services).
Does not include shopping sites.
31
Financial Services
Sites that provide or advertise banking americafirst.com
services (online or offline) or other types paypal.com
of financial information, such as loans
and insurance. Does not include sites
that offer market information, brokerage
or trading services.
45
Job Search/Careers
Sites that provide assistance in finding
employment, and tools for locating
prospective employers.
hotjobs.yahoo.com
flipdog.com
monster.com
60
Real Estate
Sites that provide information on
renting, buying, or selling real estate or
properties. Also includes vacation
property rentals such as time-shares
and vacation condos.
century21.com
realtor.com
34
ebay.com
bidfind.com
ID
Category Name
Description
Example URLs
58
Shopping
Sites that provide or advertise the
means to obtain goods or services.
Includes sites that list prices or have a
clear way to order merchandise and
also includes retail shopping outlets,
classified advertisements, price
comparisons, hot deals, bargains, etc.
Does not include sites that can be
classified in other categories (such as
Vehicles or Weapons).
amazon.com
tigerdirect.com
66
Travel
Sites that promote or provide
opportunity for travel planning, including
finding and making travel reservations,
sharing of travel experiences (pro or
con) vehicle rentals, descriptions of
travel destinations, or promotions for
hotels/casinos or other travel related
accommodations. Mass transit
information including but not limited to
posting of schedules/fares or any other
public transportation-related data are
also included in this category.
travelocity.com
wynnlasvegas.com
orbitz.com
hertz.com
67
Vehicles
Sites that provide information on or
promote vehicles, boats, or aircraft,
including sites that support online
purchase of vehicles or parts.
toyota.com
autotrader.com
boattrader.com
88
Web Ads/Analytics
Sites that provide online advertisements adserver.yahoo.com
or banners. Does not include
adserver.inetzone.com
advertising servers which serve adultbanner.euroads.no
oriented advertisements. Includes web
API embeds (e.g. facebook “like”
button).
Communication Categories
51
Chat (IM)/SMS
Sites that provide chat, text messaging aim.com
(SMS) or instant messaging capabilities meebo.com
or client downloads.
chat.com
52
Email
Sites offering web-based email
services,such as online email reading,
and mailing list services.
35
gmail.com
hotmail.com
ID
Category Name
Description
Example URLs
53
Newsgroups/Forums
Sites that primarily offer access to
newsgroups, messaging or bulletin
board systems, or group blogs where
participants can post comments, hold
discussions, or seek opinions or
expertise on a variety of topics.
groups.google.com
blog.netscape.com
forums.asp.net
110
Internet Telephony
Sites that facilitate Internet telephony or speakfreely.org
provide Internet telephony services
linphone.org
such as voice over IP (VOIP).
skype.com
net2phone.com
pccall.com
twinklephone.com
avavoip.com
cliconnect.com
tivi.com
qutecom.org
111
Online Meetings
Sites that facilitate online meetings or
gotomeeting.com
provide online meeting, conferencing or beamyourscreen.com
training services.
dimdim.com
webex.com
wiredred.com
ivisit.com
fuzemeeting.com
ezmeeting.com
gatherplace.net
gomeetnow.com
File Transfer Categories
56
File Storage/Sharing
Sites that provide a secure, encrypted,
off-site backup and restoration of
personal data. These online
repositories are typically used to store,
organize and share videos, music,
movies, photos, documents and other
electronically formatted information.
Sites that fit this criteria essentially act
as your personal hard drive on the
Internet.
36
box.net
ibackup.com
flickr.com
ID
Category Name
Description
Example URLs
83
Peer-to-Peer (P2P)
Sites that distribute software to facilitate
the direct exchange of files between
users. P2P includes software that
enables file search and sharing across a
network without dependence on a
central server.
datorrents.com
bittorrentbooster.com
frostwire.com
teamtptb.com
fatal-torrent.com
crazy-torrent.com
torrenthub.org
yourtorrents.info
gotorrent.com
71
Software Downloads
Sites that are dedicated to the electronic download.com
download of software for any type of
tucows.com
computer or mobile device, whether for
payment or at no charge.
Health Related Categories
16
Abortion
Sites which provide information or
gynpages.com
arguments in favor of or against
abortionfacts.com
abortion, describe abortion procedures,
offer help in obtaining or avoiding
abortion, or provide information on the
effects, or lack thereof, of abortion.
23
Alcohol
Sites that offer for sale, promote, glorify, budweiser.com
review or in any way advocate the use
jackdaniels.com
or creation of alcoholic beverages,
coors.com
including but not limited to beer, wine,
and hard liquors. It does not include
sites that sell alcohol as a subset of
other products such as restaurants or
grocery stores.
37
Health
Sites that provide advice and
information on general health such as
fitness and well-being, personal health
or medical services, prescription
medications, alternative and
complementary therapies, medical
information about ailments, dentistry,
optometry, general psychiatry, selfhelp, and support organizations
dedicated to a disease or condition.
64
Restaurants/Dining/Food
Sites that list, review, discuss, advertise foodnetwork.com
and promote food, catering, dining
zagat.com
services, cooking and recipes.
37
cvs.com
webmd.com
ID
Category Name
Description
Example URLs
24
Tobacco
Sites that offer for sale, promote, glorify, bat.com
review or in any way advocate the use
esmokes.com
or creation of tobacco or tobacco
philipmorrisusa.com
related products including but not
limited to cigarettes, pipes, cigars and
chewing tobacco. It does not include
sites that sell tobacco as a subset of
other products such as grocery stores.
Information Related Categories
27
Education
Sites that offer education information,
distance learning, or trade school
information or programs. Includes sites
that are sponsored by schools,
educational facilities, faculty, or alumni
groups.
107
Informational
Sites that provide content that is
lotteryusa.com
informational in nature and does not
concierge.com
provide a way to directly act upon the
wizards.com
information (for example., a site that
provides lottery results, but does not sell
lottery tickets). This category is always
used in conjunction with another
category appropriate to the subject
matter (for example, gambling).
46
News/Media
Sites that primarily report information or cnn.com
comments on current events or
foxnews.com
contemporary issues of the day. Also
msnbc.msn.com
includes news radio stations and news
magazines. Does not include sites that
can be rated in other categories.
49
Reference
Sites containing personal, professional, dictionary.reference.com
or educational reference, including
encarta.msn.com
online dictionaries, maps, censuses,
familysearch.org
almanacs, library catalogues,
genealogy-related sites and scientific
information.
40
Search Engines/Portals
Sites that support searching the
Internet, indices, and directories.
38
education-world.com
ed.gov
nyu.edu
google.com
yahoo.com
ID
Category Name
Description
Example URLs
95
Translation
Sites that allow translation of text
(words, phrases, web pages, between
various languages) or that can be used
to identify a language.
microsofttranslator.com
translate.google.com
babelfish.yahoo.com
translation.babylon.com
worldlingo.com
systran.co.uk
reverso.net
freetranslation.com
online-translator.com
freedict.com
nga.gov
haydenplanetarium.org
sydneyoperahouse.com
nationalgallery.org.uk
poetry.com
philorch.org
sfballet.org
metmuseum.org
broadway.com
si.edu
Leisure Categories
30
Art/Culture
Sites that nurture and promote cultural
understanding of fine art including but
not limited to sculpture, paintings and
other visual art forms, literature, music,
dance, ballet, and performance art and
the venues or foundations that support,
foster or house them such as museums,
galleries, symphonies and the like. Sites
that provide a learning environment or
cultural awareness outside of the
strictures of formalized education such
as museums and planetariums are
included under this heading.
20
Entertainment
Sites that provide information on or
tmz.com
promote mass entertainment media
imdb.com
including but not limited to film, film
marvel.com
trailers, television, home entertainment, mtv.com
music, comics, entertainment-oriented
rottentomatoes.com
periodicals, reviews, interviews, fan
accesshollywood.com
clubs, and celebrity gossip.
celebrity-gossip.net
purethenightclub.com
greenday.com
eonline.com
87
For Kids
Sites designed specifically for children. kids.yahoo.com
This category is used in conjunction with playhousedisney.com
other categories - it is not a stand-alone
category.
39
ID
Category Name
Description
Example URLs
33
Games
Sites that support playing or
downloading video games, computer
games, or electronic games. Includes
sites with information, tips or advice on
such games or how to obtain cheat
codes. Also includes magazines
dedicated to computerized games and
sites that support or host online
sweepstakes and giveaways.
nintendo.com
gamespot.com
gamedaily.com
68
Humor/Jokes
Sites that primarily focus on comedy,
jokes, fun, etc. May include sites
containing jokes of adult or mature
nature. Sites containing humorous
Adult/Mature content also have an
Adult/Mature category rating.
ahajokes.com
comedycentral.com
the-jokes.com
65
Sports/Recreation
information about spectator sports or
recreational activities. It does not
include sites dedicated to hobbies such
as gardening, collecting, board games,
scrapbooking, quilting, etc.
espn.com
nba.com
nfl.com
tipsport.pl
downloadcasino.es
loteriaypremios.com
spil2vind.dk
casino-experts.com
aceshighcasinoparties.com
socialholdemsecrets.com
slotmachines.topwebcasinos.com
freeslotsworld.net
Liability Concern Categories
11
Gambling
Sites where a user can place a bet or
participate in a betting pool, participate
in a lottery, or receive information,
assistance, recommendations, or
training in such activities. Does not
include sites that sell gambling-related
products/machines or sites for offline
casinos and hotels, unless they meet
one of the above requirements.
25
Controlled Substances
Sites that promote, offer, sell, supply,
encourage or otherwise advocate the
illegal use, cultivation, manufacture, or
distribution of drugs, pharmaceuticals,
intoxicating plants or chemicals and
their related paraphernalia.
40
sensiseed.com
cogollo.net
napnt.org
magic-mushroom.com
ID
Category Name
Description
Example URLs
121
Marijuana
Sites that discuss, encourage, promote, hightimes.com
offer, sell, supply or otherwise advocate rollitup.org
the use, cultivation, manufacture or
grasscity.com
distribution of marijuana and its myriad
cannabis.com
aliases, whether for recreational or
thctalk.com
medicinal purposes. Includes sites with cannabisculture.com
content regarding marijuana-related
paraphernalia.
9
Scam/Questionable/Illegal Sites that promote scams or that
provide or sell legally questionable
educational materials such as term
papers. Also includes sites that
advocate or give advice on performing
acts that are illegal or of questionable
legality such as service theft, evading
law enforcement, fraud, burglary
techniques and plagiarism.
14
Violence/Hate/Racism
Sites that depict extreme physical harm armyofgod.com
to people, animals or property, or that
gorillafights.com
advocate or provide instructions on how tortureroom.com
to cause such harm. Also includes sites nutabuse.com
that advocate, depict hostility or
anti-bush.com
aggression toward, or denigrate an
free-gaza.com
individual or group on the basis of race, teengirlfights.net
religion, gender, nationality, ethnic
klanparenthood.com
origin, or other involuntary
newnation.org
characteristics. Includes content that
festered.com
glorifies self-mutilation or suicide.
15
Weapons
Sites that sell, review, or describe
browning.com
weapons such as guns, knives or
remington.com
martial arts devices, or provide
information on their use, accessories, or
other modifications. Does not include
information on BB guns, paintball guns,
black powder rifles, target shooting, or
bows and arrows unless the site also
meets one of the above requirements.
Also does not include sites that promote
collecting weapons, or groups that
either support or oppose weapons use.
Multimedia Categories
41
oppapers.com
antiessays.com
gregmiller.net/locks/mitguide/
cleaneasy.com
ID
Category Name
Description
Example URLs
84
Audio/Video Clips
Sites that provide streams or downloads
of audio or video clips-typically less than
15 minutes or less in length. Also
includes sites that provide downloaders
and players for audio and video clips.
new.music.yahoo.com
music.msn.com
vodpod.com
funnyordie.com
video.nationalgeographic.com
videocure.com
muchmusic.com
soundboard.com
video-clips.co.uk
cmt.com
112
Media Sharing
Sites that allow sharing of media (e.g.,
photo sharing) and have a low risk of
including objectionable content such as
adult or pornographic material.
113
Radio/Audio Streams
Sites that provide streams or downloads pandora.com
of radio, music, or other audio contentshoutcast.com
typically more than 15 minutes in length. last.fm
napster.com
grooveshark.com
deezer.com
slacker.com
radiopaq.com
knac.com
jazz24.org
114
TV/Video Streams
Sites that provide streams or downloads
of television, movie, Webcam, or other
video content-typically more than 15
minutes in length.
Security Concern Categories
42
shutterfly.com
zoomonga.com
fotki.com
www.pixagogo.com
kodakgallery.com
picasa.google.com
snapfish.com
dropshots.com
smugmug.com
webshots.com
hulu.com
fancast.com
tvduck.com
casttv.com
demand.five.tv
tv.com
netflix.com
sling.com
thewb.com
vudu.com
ID
Category Name
Description
Example URLs
17
Hacking
Sites that distribute, promote or provide astalavista.box.sk
hacking tools and/or information which
happyhacker.org
may help gain unauthorized access to
flyninja.net
computer systems and/or computerized 1nj3ct.in
communication systems. Hacking
encompasses instructions on illegal or
questionable tactics, such as creating
viruses, distributing cracked or pirated
software or other protected intellectual
property.
118
Piracy/Copyright
Concerns
Sites that provide information or
technology for cracking or pirating
software or other protected intellectual
property, and sites that distribute such
media.
megashare.info
fullepisode.info
thepiratebay.se
isohunt.com
gamecopyworld.com
cracks4u.us
eztv.it
watchseries.lt
108
Computer/Information
Security
Sites that provide information or tools
for securing or safeguarding computers,
networks, and other data systems.
While these sites provide helpful and
legitimate security information to IT
professionals, they also pose a degree
of risk because information they provide
may be used to help gain unauthorized
access to systems.
metasploit.com
cve.mitre.org
nessus.org
sectools.org
trustedsec.com
itsecurity.com
98
Placeholders
Sites that are under construction,
parked domains, search-bait or
otherwise generally having no useful
value.
102
Potentially Unwanted
Software
Sites that distribute software that is not
malicious but may be unwanted within
an organization such as intrusive
adware and hoaxes.
57
Remote Access Tools
Sites that primarily focus on providing
information about and/or methods that
enable authorized access to and use of
a desktop computer or private network
remotely.
43
gotomypc.com
ID
Category Name
Description
Example URLs
101
Spam
Sites that are part of the spam
ecosystem, including sites linked in
unsolicited bulk electronic messages
and sites used to generate or propagate
such messages.
92
Suspicious
Sites considered to have suspicious
content and/or intent that poses an
elevated security or privacy risk. This
categorization is determined by analysis
of web reputation factors. If a site is
determined to be clearly malicious or
benign, it will be placed in a different
category.
Security Threat Categories
18
Phishing
Sites that are designed to appear as a
legitimate bank or retailer with the intent
to fraudulently capture sensitive data
(i.e. credit card numbers, pin numbers).
86
Proxy Avoidance
Sites that provide information on how to anonymizer.com
bypass proxy server features or gain
access to URLs in any way that
bypasses the proxy server. This
category includes any service which will
allow a person to bypass the Blue Coat
filtering system, such as anonymous
surfing services.
44
Malicious Outbound
Traffic / Botnets
Sites to which botnets or other malware
(as defined in the Malicious Sources
category) send data or from which they
receive command-and-control
instructions. Includes sites that contain
serious privacy issues, such as "phone
home" sites to which software can
connect and send user information.
Usually does not include sites that can
be categorized as Malicious Sources.
44
ID
Category Name
Description
Example URLs
43
Malicious
Sources/Malnets
Sites that host or distribute malware or screensaver.com
whose purpose for existence is as part
of the malware ecosystem. Malware is
defined as software that takes control of
a computer, modifies computer settings,
or collects or reports personal
information without the permission of
the end user. It also includes software
that misrepresents itself by tricking
users to download or install it or to enter
personal information. This includes sites
or software that perform drive-by
downloads; browser hijackers; dialers;
any program that modifies your browser
homepage, bookmarks, or security
settings; and keyloggers. It also
includes any software that bundles
malware (as defined above) as part of
its offering. Information collected or
reported is "personal" if it contains
uniquely identifying data, such as email
addresses, name, social security
number, IP address, etc. A site is not
classified as malware if the user is
reasonably notified that the software will
perform these actions (e.g., it alerts that
it will send personal information, be
installed, or that it will log keystrokes).
Social Interaction Categories
63
Personal Sites
Sites that primarily offer access to
personal pages and blogs. This
classification includes but is not limited
to content that shares a common
domain such as Web space made
available by an ISP or some other
hosting service. Personal home pages
and blogs tend to be dynamic in nature
and their content may vary from
innocuous to extreme.
45
blogger.com
wordpress.org
ID
Category Name
Description
Example URLs
106
E-Cards/Invitations
Sites that facilitate the sending of
electronic greeting cards, animated
cards, or similar electronic messages
typically used to mark an event or
occasion.
123greetings.com
bluemountain.com
greetingcards.com
americangreetings.com
egreetings.com
memorygreetings.com
ecardfunny.com
e-cards.com
pencake.com
regards.com
47
Personals/Dating
Sites that promote interpersonal
relationships.
eharmony.com
lovesites.com
dating.com
55
Social Networking
Sites that enable people to connect with
others to form an online community.
Typically members describe themselves in
personal Web page profiles and form
interactive networks, linking them with
other members based on common interests
or acquaintances. Instant messaging, file
sharing and Web logs (blogs) are common
features of Social Networking sites. These
sites may contain offensive material in the
community-created content. This category
may be used in conjunction with another
category for more narrowly-focused social
networking sites, such as professional
networking sites or social networking
sections of Personals/Dating sites.
myspace.com
friendster.com
Note: The Social Networking category
includes classification of sites that may not
yet have a service in PacketShaper.
Therefore, creating a Social_Networking
category class may be preferable over
creating a SocialNetwork service group
class.
Society/Government Categories
46
ID
Category Name
Description
Example URLs
22
Alternative
Spirituality/Belief
Sites that promote and provide
atheists.org
information on a wide range of nonufocasebook.com
traditional and/or non-religious spiritual, paranormalnetwork.net
existential, experiential, and
ancientblackmagic.com
philosophical belief systems. Includes
spellsandmagic.com
sites related to atheism, agnosticism,
churchofsatan.com
and mysticism; sites related to quasiparanormalnews.com
religious, philosophical or spiritual belief morespells.com
systems and practices that do not
nuforc.org
include formally established religious
neworleansghosts.com
meetings, places of worship,
organizational structure, or dogma; and
sites that endorse or offer information
about affecting or influencing real
events through supernatural or magical
means. Also includes sites that discuss
or deal with paranormal or unexplained
events. This category does not include
sites centered around traditional,
organized religious belief, practice, and
observance (Religion).
29
Charitable Organizations
Sites that foster volunteerism for
charitable causes. Also encompasses
non-profit associations that cultivate
philanthropic or relief efforts. Does not
include organizations that attempt to
influence legislation as a significant
portion of their activities or
organizations that campaign for,
contribute to or affiliate with political
organizations or candidates.
34
Government/Legal
Sites sponsored by or which provide
whitehouse.gov
information on government,
federalreserve.gov
government agencies and government
services such as taxation and
emergency services. Includes sites
which discuss or explain laws of various
governmental entities. Also includes
sites that advertise legal services,
lawyers for hire, adoption services,
information about adoption, immigration
information, and immigration services.
47
scouting.org
4-h.org
ymca.net
lionsclubs.org
toastmasters.org
redcross.org
unicef.org
pewtrusts.org
childrensaidsociety.org
cityharvest.org
ID
Category Name
Description
Example URLs
35
Military
information on military branches or
armed services.
www.army.mil
www.navy.mil
www.af.mil
36
Political/Social Advocacy
Sites sponsored by or which provide
texasgop.org
information on political parties, special
aclu.org
interest groups, or any organization that rnc.org
promotes change or reform in public
dnc.org
policy, public opinion, social practice, or
economic activities.
54
Religion
Sites that promote and provide
information on traditional, organized
religious belief, practice and
observance and directly-related
subjects such as religious catechism or
dogma and places of religious worship
or observance (e.g., churches,
synagogues, temples, etc.). This
category does not include sites about
non-traditional spiritual and nonreligious belief systems (Alternative
Spirituality/Belief).
catholic.net
gospel.com
lds.org
61
Society/Daily Living
Sites providing information on matters
of daily life. This includes but is not
limited to pet care, home improvement,
fashion/beauty tips, hobbies and other
tasks that comprise everyday life. It
does not include sites relating to
entertainment, sports, jobs, personal
pages or other topics which already
have a specific category.
lifestyle.msn.com
hobbies.net
akc.org
Technology Categories
38
Technology/Internet
Sites that sponsor or provide
information on computers, technology,
the Internet and technology-related
organizations and companies.
dell.com
microsoft.com
javaworld.com
97
Content Servers
Servers that provide commercial
hosting for a variety of content such as
images and media files. These servers
are typically used in conjunction with
other web servers to optimize content
retrieval speeds.
akamai.com
cdnetworks.com
limelightnetworks.com
48
ID
Category Name
Description
Example URLs
103
Dynamic DNS Host
Sites that utilize dynamic DNS services
to map their domain names to dynamic
IP addresses.
dyndns.com
no-ip.com
96
Nonviewable/Infrastructure
Servers with non-malicious, nonoffensive content or resources used by
applications, but not directly viewable by
web browsers. Includes but is not limited
to Web analytics sites (such as visitor
tracking and ranking sites) and content
filtering systems. Also includes thirdparty authentication
(Google/Twitter/Facebook auth).
85
Office/Business
Applications
Sites with interactive, Web-based
office/business applications. This
excludes email, chat/IM or other sites
that have a specific content category.
89
Web Hosting
Sites of organizations which provide
top-level domain pages, as well as web
communities or hosting services.
Includes blog hosting sites.
109
Internet Connected
Devices
Sites that allow management and
online.wilife.com
monitoring of or network access to
mydlink.com
physical devices connected to the
arc.webeyecms.com
Internet. Such devices include but are
viewnetcam.com
not limited to network infrastructure
synology.me
such as routers and switches, network- mycloudnas.com
enabled industrial equipment, security
customer.control4.com
cameras, home automation equipment, webcam.oii.ox.ac.uk
and other Web-enabled devices. Also
includes security camera feeds, which
are dually categorized as TV/Video
Streams.
49
sites.google.com
1and1.com

PDF of all topics related to URL Categories

Transcription

Similar documents

Help Document Open the URL – www.irctc.co.in Enter your login

XGames.ESPN.go.com

(Today I show u how to post an ad on zeekrewards. First u

urban ready living

Tips and Tricks - Euro-Tyre

Web Crawling

Présentation LinShare – Partage de fichiers sécurisé

Preserving the .EU domain

Website Structure