Whitelist URLs through URL lists.
Custom URL lists provide flexibility to override the predefined Netskope URL category mapping for a specific URL and/or enhance them by creating custom URL categories. This is particularly useful in cases where the Netskope predefined URL category lacks a mapping for a URL (uncategorized).
Before initiating the process, assemble a list of URLs for inclusion in a policy scan. Additionally, if necessary, generate a separate list of URLs to be excluded from the policy scan. You have the option to input the URLs manually through the user interface, generate a CSV file containing all the URLs, or utilize the REST API V2. After completing this task, it is essential to establish a custom category for application in a policy.
Important: URL List enhancements are applicable for Real-time Protection policies, SSL Decryption policies, steering exceptions, and REST API V2. Contact Support to enable these enhancements in your account.
To add a URL list:
Go to Policies > Web > URL Lists.
To add a new URL list, click New URL List.
Enter a name for your URL list.
In the URL & IP Address enter our URLs or IP addresses separated by a new line, or upload a CSV file (max upload is 8 MB). You can also define a port number for URLs.
Add the following URLs to the list
Domain Name | Description |
*.right-hand.ai | Platform |
*.linktologin.com | Landing Pages |
*.ssotowebsite.com | Landing Pages |
*.linktosso.com | Landing Pages |
*.inbox-login.com | Landing Pages |
*.bankng-login.com | Landing Pages |
*.verified-login.com | Landing Pages |
*.authupdate.com | Landing Pages |
*.resetlogin.com | Landing Pages |
*.account-protect.me | Landing Pages |
*.discountOffer.com | Landing Pages |
*.grnaill.com | Landing Pages |
*.mailboxaccess.com | Landing Pages |
*.rnicrosoftlogin.com | Landing Pages |
*.linkdinapp.com | Landing Pages |
Add the below IP Address to the list
IP Address | Service Description |
168.245.54.27 | Phishing Readiness / Onboarding/ Training |
Note: Support for IP addresses is in Controlled GA. If you want to enable this feature in your tenant, contact your sales team.
Wildcard domains, such as *.example.com, encompass both the root domain and all its subdomains. It's important to note that if your URL list contains two or more wildcard entries, along with subdomains and paths, the Netskope service prioritizes the longest entry for categorization.
Additionally, you have the option to include IP address ranges and specific IP addresses using CIDR notation.
Tip
When creating a URL list for destination IP addresses, consider the following:
When you create a Real-time Protection policy for destination IP addresses, you can also create an SSL Do Not Decrypt policy. However, if the Real-time Protection policy’s action is blocked, then the activity will be blocked without SSL interception. In other words, the block page will not appear for users when they access the destination IP addresses.
To block the activity with SSL interception, you must create a Real-time Protection policy only without an SSL policy.
When you create a URL list for destination IP addresses, the No SNI error setting option is unavailable. This is because when a user accesses a destination IP address, there’s no SNI.
To learn more about adding URLs and IP addresses, see URL List Best Practices.
5. Click Save.
6. Click Apply Changes.
Note: The REST API can be used to add to an existing URL list, but not create a new URL list. For more information, refer to Update a URL List.
7. Optionally, if you have URL List enhancements enabled in your account, you will see the following window and options. Select URL Type > Exact Match or Regex. Admins can use regex-based URL matching in the URL List. See URL List Best Practices for the regex syntac guidelines. The default behavior is exact match URLs.
8. Type the URLs separated by a new line (not comma separated) or upload a CSV file (max upload is 8 MB) and click Next.
9. Enter a name for your URL list and click Save URL List.
10. Click Apply Changes.