What is URL Filtering?
URL Filtering is a security measure in which access to websites is controlled based on their URL, domain or category. It enables organisations to block unwanted, unsafe or unnecessary web requests.
In OT environments, URL Filtering prevents systems such as Engineering Stations, HMIs or Jump Servers from connecting to malicious or unauthorised web sources.
🧠 Why is URL Filtering important in OT?
| Risk without filtering | Possible consequence |
|---|---|
| Access to malware-hosting sites | Drive-by download or phishing |
| Visits to unauthorised cloud services | Data exfiltration, shadow IT |
| Unintended click on a phishing link | Stolen credentials or session tokens |
| Automatic updates from unsafe sources | Supply chain risk, installation of unverified software |
In OT systems that sometimes have (temporary) access to the internet or cloud, web traffic is an underestimated attack vector.
🔍 What can you filter on?
| Filter type | Examples |
|---|---|
| Category | Social media, file sharing, hacking tools, adult |
| Domain name | example.com, vendor-support.com |
| Subdomain | updates.vendor.com, malicious.attacker.org |
| URL path | /download/firmware.exe, /scripts/backdoor.js |
| Geolocation (optional) | Domains from high-risk regions (e.g. Russia, North Korea) |
| Time-based | Access only during a maintenance window |
🛠️ Application in OT networks
| Location | Application |
|---|---|
| Jump Server | Filter all outbound traffic to the internet |
| Engineering Station | Block access to everything except whitelisted vendor portals |
| Proxy server | Centrally enforce filtering rules |
| Firewall or NGFW | URL Filtering as part of deep packet inspection |
🔐 Combination with other security measures
| Combined with | Result |
|---|---|
| DNS Monitoring | Domain-name and URL-path control |
| Anomaly detection | Detect unusual browsing behaviour on OT systems |
| Security Awareness | Support safe browsing through policy and training |
| Application Whitelisting | Combine network and local application control |
✅ Best practices
- Use a URL whitelist for OT: allow access only to trusted vendor, support or update portals
- Block all other categories by default (default-deny)
- Periodically review the rules for false positives and false negatives
- Forward alerts to your SIEM or SOC
- Make sure that temporary internet connections (e.g. for maintenance) also pass through filtering
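A default-deny whitelist that combines the domain, subdomain, URL-path and time-based filters described above can be sketched as follows. This is an added example, not part of the original page or of any product's rule engine; the `Rule` structure, the `decide` function and the `.example` hostnames are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional, Tuple
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class Rule:
    host: str                 # exact host, or "*.parent" for subdomains of parent
    path_prefix: str = "/"    # allowed URL path prefix
    window: Optional[Tuple[time, time]] = None  # same-day window; None = always


# Constructed policy: hostnames are placeholders, not real vendor portals.
ALLOWLIST = [
    Rule("vendor-support.example"),
    Rule("updates.vendor.example", "/download/", (time(22, 0), time(23, 59))),
    Rule("*.docs.vendor.example"),
]


def host_matches(pattern: str, host: str) -> bool:
    if pattern.startswith("*."):
        # Keep the leading dot so "evildocs.vendor.example" cannot match.
        return host.endswith(pattern[1:])
    return host == pattern


def decide(url: str, now: datetime, rules=ALLOWLIST) -> Tuple[str, str]:
    """Return (action, reason); anything not explicitly allowed is blocked."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ("block", "scheme-or-host")
    # Decode and collapse "../" before the prefix check.
    path = posixpath.normpath(unquote(parts.path) or "/")
    reason = "default-deny"
    for rule in rules:
        if not host_matches(rule.host, host):
            continue
        if not path.startswith(rule.path_prefix):
            reason = "path-not-allowed"
            continue
        if rule.window and not rule.window[0] <= now.time() <= rule.window[1]:
            reason = "outside-window"
            continue
        return ("allow", rule.host)
    return ("block", reason)
```

The returned reason string is what you would attach to the alert forwarded to the SIEM or SOC, so that a blocked request outside the maintenance window can be told apart from a request to an unknown domain.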
📌 In summary
URL Filtering protects OT systems against uncontrolled web traffic and is essential when systems have access to external resources. Combined with DNS Monitoring and Application Control, it provides a strong layer of defence.
