* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/)
* Web Security Tips: Using ...

# Web Security Tips: Using URL Categories in Your Security Policy

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fweb-security-tips-using-url-categories-security-policy%2F)  
[](https://twitter.com/share?text=Web+Security+Tips%3A+Using+URL+Categories+in+Your+Security+Policy&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fweb-security-tips-using-url-categories-security-policy%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2014%2F10%2Fweb-security-tips-using-url-categories-security-policy%2F&title=Web+Security+Tips%3A+Using+URL+Categories+in+Your+Security+Policy&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2014/10/web-security-tips-using-url-categories-security-policy/&ts=markdown)  
\[\](mailto:?subject=Web Security Tips: Using URL Categories in Your Security Policy)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Oct 01, 2014  
3 minutes  
[Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown)  
[Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)  
[Application Usage and Threat Report](https://www.paloaltonetworks.com/blog/tag/application-usage-and-threat-report/?ts=markdown)  
[AUTR](https://www.paloaltonetworks.com/blog/tag/autr/?ts=markdown)  
[PAN-DB](https://www.paloaltonetworks.com/blog/tag/pan-db/?ts=markdown)  
[QoS](https://www.paloaltonetworks.com/blog/tag/qos/?ts=markdown)  
[SSL Decryption](https://www.paloaltonetworks.com/blog/tag/ssl-decryption/?ts=markdown)

Almost all UTMs or so-called next-generation firewalls have URL filtering capability, but they are not well integrated enough to utilize URL categories in a security policy. By taking advantage of URL categories, you will gain granular control of your network.

If you are unfamiliar with how to use URL categories in your security policy, the following tips can help. These tips provide you with powerful ways to protect your network and improve your bandwidth efficiency.

First, after logging into your Palo Alto Networks Next-Generation Firewall, click the "Policies" tab. Then, in the list of options on the left, click "Security."

A "URL Category" column will appear (**Figure 1**).

![Figure1-500x139](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/10/Figure1-500x139.png)

**Figure 1** : URL Category in the security policy.

If you do not see the URL Category column on your interface, it is most likely hidden from view. You can unhide it first by clicking the down arrow in any items such as "Action" or "Profile"; I used "Action" this time (**Figure 2**). Then move your mouse on "Columns" and check the "URL Category" box near the bottom of the list.

![Figure2](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure2-230x252.png)

**Figure 2**: Unhiding the URL Category column.

The following examples show what can be done with URL categories.

**1. Block file transfer from unknown sites.**

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure3.png)  
[![Figure3](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure3-500x48.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure3.png)

**Figure 3:** Block download security policy.

An "unknown" URL most likely refers to a newly registered or unregistered URL, which is often used by cybercriminals. The files from "unknown" URLs can be considered high-risk files. You can block all file types from such "unknown" URL by creating the "block download from unknown" security policy shown in **Figure 3**. This means any files that might be transferred from an unknown URL will be blocked.

**2. Decrypt SSL for specified URL category.**

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure4.png)  
[![Figure4](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure4-500x70.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure4.png)

**Figure 4** . Decryption policies based on URL category.

In our 2014 [Application Usage and Threat Report](http://connect.paloaltonetworks.com/autr-en), we discovered 34% of all applications seen on enterprise networks use SSL. The risk of malicious activities and compromises are often hidden in SSL. Palo Alto Networks provides the ability to decrypt SSL based on URL categories. For example, you may want to decrypt and inspect webmail to block malware or sensitive files, but may not want to decrypt sensitive web activities such as online-banking to protect end-user's privacy.

By applying decryption to the "web-based-email" URL category, you can decrypt webmail and apply other security features such as antivirus and data filtering.

In addition, you can choose not to decrypt online banking, by choosing the "financial services" URL category as "No Decrypt."

**3. Limit streaming media bandwidth during only business hours.**

[](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure5.png)  
[![Figure5](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure5-500x48.png)](https://www.paloaltonetworks.com/blog/wp-content/uploads/2014/09/Figure5.png)

**Figure 5:** Limit streaming in quality of service (QoS) policy.

Our 2014 [Application Usage and Threat Report](http://connect.paloaltonetworks.com/autr-en) also found that photo and video sites consumed 15% of all bandwidth we studied -- 7.5 times greater than that consumed by email. To improve productivity and bandwidth efficiency, you can limit the bandwidth for streaming media by creating a quality of service (QoS) policy. You can set maximum throughput for this policy and a schedule can be defined so that the QoS policy is effective only during business hours.

To learn more about web security, please visit our resource page, "[Control Web Activity with URL Filtering.](https://www.paloaltonetworks.com/products/features/url-filtering.html)"

*** ** * ** ***

## Related Blogs

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/network-security/category/data-security/?ts=markdown), [Web Security](https://www.paloaltonetworks.com/blog/category/web-security/?ts=markdown)

[#### The True Cost of Cybersecurity Incidents: The Solution](https://www.paloaltonetworks.com/blog/2021/07/investing-in-cybersecurity-now-can-save-money-later/)

### [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Lightboard](https://www.paloaltonetworks.com/blog/category/lightboard/?ts=markdown), [Security Platform](https://www.paloaltonetworks.com/blog/category/security-platform/?ts=markdown)

[#### Watch: Prevention Against Targeted Phishing Attacks](https://www.paloaltonetworks.com/blog/2016/06/watch-prevention-against-targeted-phishing-attacks/)

### [Application usage \& risk report](https://www.paloaltonetworks.com/blog/category/application-usage-risk-report/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Events](https://www.paloaltonetworks.com/blog/category/events/?ts=markdown)

[#### A View Into the Cyber3 Conference -- Crafting Security in a Less Secure World](https://www.paloaltonetworks.com/blog/2015/11/a-view-into-the-cyber3-conference-crafting-security-in-a-less-secure-world/)

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown)

[#### AI, Quantum Computing and Other Emerging Risks](https://www.paloaltonetworks.com/blog/2025/10/ai-quantum-computing-emerging-risks/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [AI Security](https://www.paloaltonetworks.com/blog/category/ai-security/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Data Security](https://www.paloaltonetworks.com/blog/category/data-security/?ts=markdown), [Incident Response](https://www.paloaltonetworks.com/blog/category/incident-response/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://www.paloaltonetworks.com/blog/category/unit42/?ts=markdown)

[#### The Case for Multidomain Visibility](https://www.paloaltonetworks.com/blog/2025/10/case-for-multidomain-visibility/)

### [AI Governance](https://www.paloaltonetworks.com/blog/category/ai-governance/?ts=markdown), [Cybersecurity](https://www.paloaltonetworks.com/blog/category/cybersecurity-2/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Improving National Security Through Secure AI](https://www.paloaltonetworks.com/blog/2025/05/improving-national-security-through-secure-ai/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language