Citrix ADC

Use case: URL filtering by using custom URL set

If you are an enterprise customer looking to control access to specific websites and website categories, use a custom URL set bound to a responder policy. Your organization’s network infrastructure can use a URL filter to block access to malicious or dangerous websites. For example, websites featuring adult, violence, gaming, drugs, politics, or job portals. In addition to filtering the URLs, you can create a customized list of URLs and import it to the ADC appliance. For example, your organization’s policies might call for blocking access to certain websites such as social networking, shopping portals, and job portals.

Each URL in the list can have a custom category in the form of metadata. The organization can host the list of URLs as a URL set on the Citrix ADC appliance. Configure the appliance to periodically update the set without requiring manual intervention.

After the set is updated, the Citrix ADC appliance automatically detects the metadata. The responder policy uses the URL metadata (category details) to evaluate the incoming URL and apply an action such as allow, block, redirect, or notify the user.

To do so, configure in your network, you can perform the following tasks:

  1. Import a custom URL set
  2. Add a custom URL set
  3. Configure a custom URL list in the SSL Forward Proxy wizard.

Import a custom URL set by using the CLI

At the command prompt, type:

import policy urlset <name> [-overwrite] [-delimiter <character>] [-rowSeparator <character>] -url <URL> [-interval <secs>] [-privateSet] [-canaryUrl <URL>]

import policy urlset test1 –url

Add a custom URL set by using the CLI

At the command prompt, type:

add urlset <urlset_name>


add urlset test1

Configure a URL list by using the SSL Forward Proxy wizard

Citrix recommends that you use the SSL Forward Proxy wizard as the preferred option to configure a URL list. Use the wizard to import a custom URL set and bind it to a responder policy.

  1. Navigate to Security > SSL Forward Proxy > URL Filtering > URL Lists.
  2. In the details pane, click Add.
  3. On the URL List Policy page, specify the policy name.
  4. Select an option to either import a URL set.
  5. In the URL List Policy tab page, select the Import URL Set check box and specify the following URL Set parameters.
    1. URL Set Name—Name of the custom URL set.
    2. URL—Web address of the location at which to access the URL Set.
    3. Overwrite—Overwrite a previously imported URL set.
    4. Delimiter—Character sequence that delimits a CSV file record.
    5. Row Separator—Row separator used in the CSV file.
    6. Interval—Interval in seconds, rounded off to the nearest 15 minutes, at which the URL set is updated.
    7. Private Set—Option to prevent exporting the URL set.
    8. Canary URL—Internal URL for testing if the content of the URL set is to be kept confidential. The maximum length of the URL is 2047 characters.
  6. Select a responder action from the drop-down list.
  7. Click Create and Close.

Custom URL list

Metadata semantics for custom URL sets

To import a custom URL set, add the URLs to a text file and bind it to a responder policy to block Social networking URLs.

Following are examples of URLs that you might add to the text file:, News, News, Search Engine, Search Engine, Social Media, Social Media

Configure a responder policy to block social media URLs by using the CLI

add responder action act_url_unauthorized respondwith '"HTTP/1.1 451 Unavailable For Legal Reasons\r\n\r\nURL is NOT authorized\n"

add responder policy pol_url_meta_match 'HTTP.REQ.HOSTNAME.APPEND(HTTP.REQ.URL).GET_URLSET_METADATA("u1").EQ("Social Media")' act_url_meta_match
Use case: URL filtering by using custom URL set