Fortinet black logo

Administration Guide

Configuring the FortiGuard URL filter

Configuring the FortiGuard URL filter

The FortiGuard URL filter service allows you choose which categories of URL in the email body you want to scan, rewrite, or block.

To configure a URL rating category profile

  1. Go to Security > URL Filter > Profile.
  2. Click New.
  3. Enter a profile name.
  4. Select which URL rating categories to examine in the email body.
  5. Click Create.
  6. To apply the URL rating category profile, select it in antispam profiles (see Configuring FortiGuard options) and/or click protection settings (see Configuring CDR URL click protection and removal options).

Configuring local URL rating categories

You can configure custom URL rating categories for URL rating override profiles. For most exemptions, you may want to use the pre-defined local-exempt category instead.

  1. Go to Security > URL Filter > Local Category.
  2. Click New.
  3. Enter a Name and an optional Comment for the new custom local category.
  4. Click Create.

Configuring URL rating overrides

To specify which URLs will have overrides of their URL rating category, you can configure patterns (either wildcard or regular expressions) . During configuration of other features, the URL rating override pattern can be selected instead of the usual FortiGuard web filter categories.

  1. Go to Security > URL Filter > Override Rating.

  2. Click New.

  3. Enable Status, and enter a URL pattern.The pattern can use wildcards (default) or regular expressions. Optionally, before entering a regular expression, click Validate to test regular expressions and string text. See URL types and Syntax.

  4. Under Override To, select a Group and a group-approriate Category.

  5. Note

    To exempt URLs from FortiGuard URL and web filter (see Configuring FortiGuard options), FortiGuard URL protection (see Configuring CDR URL click protection and removal options), FortiSandbox scanning (see Using FortiSandbox antivirus inspection), select the Local Category group and local-exempt category.

  6. Click Create.

URL types

There are two types of URLs:

  • Absolute URLs strictly follow the URL syntax and include the URL scheme names, such as http, https, and ftp. The often only include a domain name, such as http://www.example.com.
  • Reference URLs do not contain the scheme names. Example: example.com

By default, FortiMail scans for absolute URLs.

You can use the following CLI command to change the default setting:

config antispam settings

set url-checking {aggressive | strict}

end

  • strict: Choose this option to scan for absolute URLs only. Websites with no http or https but with www, such as www.example.com, are also treated as absolute URLs.
  • aggressive: Choose this option to scan for both the absolute and reference URLs. Sender domains are also checked against FortiGuard.
  • extreme: Choose this option to scan for all URLs with or without schemes, including absolute URLs, reference URLs, URLs in text format, and sender domains.

For more information about this command, see FortiMail CLI Reference.

Configuring the FortiGuard URL filter

The FortiGuard URL filter service allows you choose which categories of URL in the email body you want to scan, rewrite, or block.

To configure a URL rating category profile

  1. Go to Security > URL Filter > Profile.
  2. Click New.
  3. Enter a profile name.
  4. Select which URL rating categories to examine in the email body.
  5. Click Create.
  6. To apply the URL rating category profile, select it in antispam profiles (see Configuring FortiGuard options) and/or click protection settings (see Configuring CDR URL click protection and removal options).

Configuring local URL rating categories

You can configure custom URL rating categories for URL rating override profiles. For most exemptions, you may want to use the pre-defined local-exempt category instead.

  1. Go to Security > URL Filter > Local Category.
  2. Click New.
  3. Enter a Name and an optional Comment for the new custom local category.
  4. Click Create.

Configuring URL rating overrides

To specify which URLs will have overrides of their URL rating category, you can configure patterns (either wildcard or regular expressions) . During configuration of other features, the URL rating override pattern can be selected instead of the usual FortiGuard web filter categories.

  1. Go to Security > URL Filter > Override Rating.

  2. Click New.

  3. Enable Status, and enter a URL pattern.The pattern can use wildcards (default) or regular expressions. Optionally, before entering a regular expression, click Validate to test regular expressions and string text. See URL types and Syntax.

  4. Under Override To, select a Group and a group-approriate Category.

  5. Note

    To exempt URLs from FortiGuard URL and web filter (see Configuring FortiGuard options), FortiGuard URL protection (see Configuring CDR URL click protection and removal options), FortiSandbox scanning (see Using FortiSandbox antivirus inspection), select the Local Category group and local-exempt category.

  6. Click Create.

URL types

There are two types of URLs:

  • Absolute URLs strictly follow the URL syntax and include the URL scheme names, such as http, https, and ftp. The often only include a domain name, such as http://www.example.com.
  • Reference URLs do not contain the scheme names. Example: example.com

By default, FortiMail scans for absolute URLs.

You can use the following CLI command to change the default setting:

config antispam settings

set url-checking {aggressive | strict}

end

  • strict: Choose this option to scan for absolute URLs only. Websites with no http or https but with www, such as www.example.com, are also treated as absolute URLs.
  • aggressive: Choose this option to scan for both the absolute and reference URLs. Sender domains are also checked against FortiGuard.
  • extreme: Choose this option to scan for all URLs with or without schemes, including absolute URLs, reference URLs, URLs in text format, and sender domains.

For more information about this command, see FortiMail CLI Reference.