URL Category

This section describes the application scenarios of URL categories, predefined and user-defined categories, predefined URL category query, and re-marking of packet priorities based on URL categories.

Application Scenarios

URLs of a type of websites can be grouped into one URL category. You can control the access to the websites based on the URL category. URL categories are used in the following scenarios:

An administrator can control URLs that are allowed and rejected based on URL categories. For example, an enterprise allows employees to access only portal websites at work hours, and does not allow employees to access streaming media websites. In this case, URL categories can be used. Set the action for the URL category of portal websites to Allow. Set the action for the URL category of streaming media websites to Block.
A URL category can also be used as a matching condition of a policy. If you want a specific policy rule to apply only to a specific type of website, you can use the URL category as the matching condition when creating a policy rule. For example, an encrypted traffic detection policy can use a URL category as a matching condition to decrypt HTTPS websites of this category.

Predefined Categories and User-defined Categories

Huawei maintains a large number of mainstream websites, which are called predefined URL categories to control the access to such common websites. With the development of networks, new websites may not be covered. In this case, you can create user-defined categories based on special filtering requirements or to enhance predefined URL categories.

Predefined URL categories

Predefined URL categories are preset in the system. That is, the system classifies a large number of common URLs in advance. Predefined URL categories cannot be created, deleted, or renamed.
User-defined URL categories
User-defined URL categories can be manually configured in either of the following ways:
- Create a user-defined URL category and add URLs to this category.
- Add a URL to a predefined URL category. This URL belongs to a user-defined URL category.
User-defined URL categories have a higher priority than predefined URL categories.

Predefined URL Category Query

You can query predefined URL categories in two places: predefined URL category cache and remote query server.

The predefined URL category database is loaded to the cache after the first device startup. When a user requests to access a URL, the device queries the category matching the URL in the cache first. If a category is found, the device takes the action configured for the URL category. If no matching URL category is found, the system continues the query on the remote query server. If the category corresponding to the URL is found, the device takes the action configured for the URL category and saves the queried URL and the corresponding category information to the predefined URL category cache, for quick query next time.

Predefined URL category database

The predefined URL category database is a subset of URL categories in a small scale. In normal cases, the predefined URL category database is preset before delivery and does not need to be manually loaded. If an exception occurs on the device, you can manually load the predefined URL category database. If the predefined URL category database does not exist on the local device, log in to the security center platform (isecurity.huawei.com) to download it. On the web UI, choose Signature Update > Signature Update, select the product model and version number, and click the Initial URL tab to download the predefined URL category database.
Predefined URL category cache

The predefined URL category cache contains URL categories and URL reputation. The URL categories come from the predefined URL category database, and the URL reputation comes from the URL reputation hotspot database. For description about the URL reputation and URL reputation hotspot database, see URL Reputation and Malicious URL. The following describes only the URL categories in the predefined URL category cache.

When the device is powered on for the first time, it automatically loads the predefined URL category database to the predefined URL category cache. To ensure the validity of predefined URL categories in the cache, the content of the predefined URL category cache is updated continuously based on remote query results. If the cache is full, the new URL will replace the least accessed URL. The content of the predefined URL category cache is stored in the storage medium periodically. After the device restarts, the system automatically loads the latest cached information, reducing the self-learning workload and improving the detection efficiency.

If the requested URL matches the expired URL category in the predefined URL category cache, the system takes the action specified in the expired URL category in the predefined URL category cache this time and updates the expired URL category through remote query. In the next time, the system takes the action specified in the URL category updated based on the query from the remote server.
Remote query server

If no URL category is found in the predefined URL category cache, the URL category is queried on the remote query server. The remote query server provides more URL category information and can be deployed on a wide area network (WAN) or a local network. For detailed principles, see URL Remote Query Process.

Re-marking Packet Priorities Based on URL Categories

Network devices distinguish and process packets based on differentiated services code point (DSCP) values carried in the packets. The priority re-marking function modifies the DSCP field values in packets.

If the action of a URL category is Allow, you can set to re-marking packet priority for the URL category so that other devices can differentially process traffic of URL categories based on their DSCP values.