URL POLICY
ADD URL
[POLICY] > (Select Domain Group) > [SET POLICY] > URL POLICY > [ADD URL]
Creates an individual URL path to apply URL security policies.
Paths can be registered by directory, file, or parameter units, and pattern matching using regular expressions is also supported. (Use ? as the parameter separator.)
Note
Registration Examples
* Directory Registration: /directory
* File Registration: /file.php
* Parameter Registration: /file.php?param
* Regular Expression Registration: \/sub\/[0-9]{1,3}\/index\.php
* Regular expressions must be written as specific URL patterns.
* Too broad regex (e.g., .*) matches many unexpected requests, which may cause performance degradation or false positives.
URL Policy Settings
[POLICY] > (Select Domain Group) > [SET POLICY] > URL POLICY > (Select URL from Policy URL List)
Applies detailed security policies to registered individual URLs.
Select a target from the 'Policy URL List' on the left, then select the desired policy item from the tab menu on the top right to display the settings screen.
Policy Application Priority
* Multiple types of security policies can be applied to a single URL.
* Policies applied to sub-paths (more specific paths) have higher priority than policies for parent paths (broad paths). (e.g., /admin/user policy is applied before /admin policy)
* You must click the [SAVE] button after completing policy settings for them to take effect.
Applicable policy items differ depending on the URL type (Directory, File, Parameter).
| Item | Applicable Policies |
|---|---|
Directory File  | URL BASIC LIMIT |
| SECURITY PATTERN | |
| DATA LEAKAGE PREVENTION | |
| IP ACCESS | |
| UPLOAD | |
| FILE PATTERN | |
| POST ATTACK | |
| DEEP FILE INSPECTION | |
| BRUTE FORCE ATTACK | |
Parameter | SECURITY PATTERN |
| UPLOAD | |
| FILE PATTERN | |
| BRUTE FORCE ATTACK |
URL Security Policy Exception Examples
| Exception setting for specific patterns on a specific URL |
|---|
| ① [+ADD URL] – Add exception target URL |
 |
| ② SET POLICY - Set ALLOW for the corresponding pattern (ABCDE) |
 |
Warning
Precautions for Exceptions
Exceptions for specific URLs must be set to ALLOW, not DETECT.
* When set to DETECT: Only a detection log is left in the specific URL policy, and the blocking rules of the parent URL (or domain policy) are re-checked, so it may be blocked.
* When set to ALLOW: The pattern is permitted, and inspection of lower-level rules in the current policy is skipped before moving to the next stage of security policy.
| Blocking ABC pattern, but setting exception for 'ABCDE' string (Partial Allow) |
|---|
| ① TEMPLATE - Add 'ABCDE' pattern to be excluded |
 |
| ② SET POLICY - Set 'ABCDE' pattern to ALLOW |
 |
| ③ Priority Adjustment - Place 'ABCDE' allow policy above (higher priority) 'ABC' block policy, then save |
 |
| Allow access only to authorized IPs for Admin Page (Block others) |
|---|
| ① [+ADD URL] – Add Admin Page URL / Select the URL > [IP ACCESS] > [SET POLICY] |
 |
| ② SET POLICY – Add 'Admin IP Group' (ALLOW or BYPASS), Add 'All IPs (ALL)' (DENY) |
 |
| ③ Priority Adjustment – Set 'Admin IP' allow policy above 'All IPs' block policy |
 |
Note
If the Admin IP group is set to BYPASS, all security policy inspections are skipped and access is passed for that IP.