system fortiguard url-protection
Use this command to configure content disarm and reconstruction (CDR) URL click protection options.
Newsletters often do not embed images in email in order to keep the email file size small so that email can be sent to many people quickly. Instead, the image files are stored at a URL on a web server or CDN. Email clients download and display the image later, when each person reads their email.
Normal HTML email newsletters often include a plain text version or a link to a web page to fall back if the images cannot be displayed in the email. Spammers and malware, however, can abuse requests to the image URLs in order to detect which recipient email addresses are valid, even when SMTP recipient verification is disabled, and to bypass email antispam and antivirus scans by transmitting the content over HTTPS instead of SMTP.
For this reason, like hyperlink URLs, image URLs also have click protection options.
Syntax
config system fortiguard url-protection
set click-action {allow-with-confirmation | block}
set click-category {all | default | phishing | unrated}
set isolator-category {all | default | phishing | unrated}
set isolator-img-src-status {enable | disable}
set isolator-url-base <fortiisolator_url><FortiIsolator_url>
set malformed-html-tag-content-action {remove | rewrite}
set neutralize-category {all | default | phishing | unrated}
set neutralize-img-src-status {enable | disable}
set remove-category {all | default | phishing | unrated}
set remove-img-src-status {enable | disable}
set rewrite-category {all | default | phishing | unrated}
set rewrite-img-src-status {enable | disable}
set rewrite-url-base <FortiMail_url>
set sandbox-click-action {allow-with-confirmation | block | submit-only}
set sandbox-status {enable | disable}
set sandbox-timeout <timeout_int>
set sandbox-timeout-action {allow | allow-with-confirmation | block}
end
Variable |
Description |
Default |
---|---|---|
click-action {allow-with-confirmation | block} |
Select how the link will behave when click handling applies, and a user clicks a link. |
block |
click-category {all | default | phishing | unrated} |
Select which URL rating category a URL must match in order to receive click handling. For all other URL categories not selected, you can use sandbox-status {enable | disable} to send them to FortiSandbox for more scanning |
default |
isolator-category {all | default | phishing | unrated} |
Select which URL rating category a URL must match in order to be reached through FortiIsolator. |
unrated |
Enable to use FortiIsolator with the URLs of images that are stored on remote web servers for HTML email. |
enable |
|
isolator-url-base <fortiisolator_url><FortiIsolator_url> |
Enter the prefix Note: The |
|
malformed-html-tag-content-action {remove | rewrite} |
Select whether to remove or rewrite an HTML tag if it is malformed. |
remove |
neutralize-category {all | default | phishing | unrated} |
Select which URL rating category a URL must match in order to be neutralized. |
unrated |
Enable to neutralize URLs of images that are stored on remote web servers. Note: When you update FortiMail firmware from a previous version, default values are applied to any new settings. If this setting is new, the default results in a change in behavior. If you prefer the previous behavior, then enter: set neutralize-img-src enable |
disable |
|
remove-category {all | default | phishing | unrated} |
Select which URL rating category a URL must match in order to be removed. |
default |
Enable to remove the URLs of images that are stored on remote web servers. |
enable |
|
Select which URL rating category a URL must match in order to be rewritten. |
unrated |
|
Enable to rewrite the URLs of images that are stored on remote web servers. Note: When you update FortiMail firmware from a previous version, default values are applied to any new settings. If this setting is new, the default results in a change in behavior. If you prefer the previous behavior, then enable this setting. |
enable |
|
rewrite-url-base <FortiMail_url> |
Enter the prefix Note: The Tip: The URL is rewritten in the format:
where |
|
sandbox-click-action {allow-with-confirmation | block | submit-only} |
Select how the link will behave when a user clicks a link during a FortiSandbox scan:
|
allow-with-confirmation |
For all other URL categories not selected in click-category {all | default | phishing | unrated},enable this setting if you want to send them to FortiSandbox for scanning |
disable |
|
When the URLs are sent to FortiSandbox for scanning, it can take some time to get the results. Enter how long (in seconds) to wait for FortiSandbox scan results. If FortiMail does not get a reply in this time, then click handling instead uses the action specified in sandbox-timeout-action {allow | allow-with-confirmation | block}. |
5 |
|
sandbox-timeout-action {allow | allow-with-confirmation | block} |
Select how the link will behave when a user clicks a link after a FortiSandbox scan timeout (sandbox-timeout <timeout_int>). |
allow |