1. What are the changes coming in from October 5th?
Beginning October 5th, there will some changes to the URL filter categories. There are some new category additions as well as some modifications to existing categories. These are listed in the table below.
|Category ID||Category Name||Category Description|
|20097||VPN||An encrypted connection over the internet from a computer to a network. VPN sites provide levels of privacy and anonymity with speed improvements.|
|20098||Web Conferencing||Online conferencing and collaboration services including web meetings, webinars, and webcasts.|
|20099||Fandom||Online resources based on interest in a popular entity in pop culture. These entities are usually fictional characters, fictional settings, performers, artists, movies, or television shows.|
|20100||Child Safety and Government Help Lines||Websites that assist children, youth, and families seeking help. These sites include helplines to promote well-being, and hotlines to report cases of neglect or abuse.|
|20101||Self Help||Websites for self-help including mental health, spiritual well-being, life coaching, or wellness. Sites dedicated to job and career development are categorized as Career Advancement.|
|20660||TikTok||TikTok social networking sites.|
Category Modifications (either to the Category Name or Description):
|Category ID||Category Name||Category Description|
|103||Medication||Sites offering over the counter or prescription drugs, or common medicines and natural products.|
|204||Violence||Any site that displays or promotes content related to violence against humans or animals is placed in this category. Does not include sites that advocate any means of harming oneself.|
|210||Self-Harm||Sites that contain examples or promotion of self-harm. This includes suicide, cutting, and advocacy of eating disorders or euthanasia.|
|604||Finance and Banking*||All aspects of personal and corporate finance are included here. Sites that provide price comparisons between financial products. Sites that report or comment on financial matters.|
|1104||Streaming Media||Any site whose primary function is the distribution of streaming media or to allow users to search or watch streaming media. This does not include audio and spoken word podcasts.|
|2001||Music and Streaming Audio*||Any site whose primary function is the distribution of streaming music, or the downloading of music. Includes sites for podcasts and spoken word audio.|
|2003||Entertainer/Celebrity/Pop Culture*||Sites that provide information about entertainers, famous people, or popular culture.|
|2004||Dining/Gourmet||Sites relating to restaurants, whether eat-in or takeaway. All recipes and cuisine related sites are listed in this category. Includes farms and other foodstuff manufacturers. Does not include bars and restaurants whose main function is to serve alcohol.|
|2005||Entertainment/Venues/Activities||Cinema, live entertainment, entertainment venues, social venues, meeting places, party/event venues, amusement parks, comedy clubs, etc. Popular culture is not included.|
|20016||Health||All sites related to personal health, hospitals, clinics, and related services.|
*Changes in Category Name.
Non-starred entries have changes made in the category description
|Category ID||Category Name|
2. How it impacts current users?
Since the URL categorization policies used on ADC will not recognise these newly added/changed categories due to the category changes on URL Filtering Database backend, it can cause following issues to happen:
- For the newly added categories, User will not get cloud categorization result for those websites; local lookups might lead to incorrect mappings.
- For the categories whose names have been changed, Users using older names will see policies not being hit for expected traffic.
|NOTE: If you are not using the categories which have Category Name modified and do not want to immediately use the new categories in your configurations, you will not be noticing any functional breakage. You can skip the workaround devised in this article and wait for the next release in which the functionality will be added to the ADC firmware.|
3. What versions are affected?
- All versions that use URL Filtering will be affected by this until we release the patched versions.
4. What steps do the customers need to take and by when?
- The workaround needs to be put in place by Oct 5th.
|NOTE: Please implement the workaround only if you are an admin or have deep understanding of Citrix ADC Functionality. Otherwise please reach out to Citrix Technical Support team (+1800 111 300) or your Account managers for assistance.|
- Step 1 > disable ns feature urlfiltering
- Step 2 > Put the new category files (download from Sharefile Link) in a new directory /var/netstar. Replace the contents of folder /var/gcf1/data/* with the files in /var/netstar/db_files directory on <placeholder for sf link> using following command on nscli >
cp -pf /var/netstar/db_files/fcdb.info /var/gcf1/data/
cp -pf /var/netstar/db_files/fcdb.now /var/gcf1/data/
cp -pf /var/netstar/db_files/scdb.info /var/gcf1/data
cp -pf /var/netstar/db_files/scdb.now /var/gcf1/data/
- Step 3 Replace the usr/local/etc/categories. * And usr/local/etc/reputation.map files with new files in /var/netstar/cat_files. Also add the copy commands to /nsconfig/nsbefore.sh on the ADC so that the files are reboot persistent –
cp -pf /var/netstar/cat_files/categories.info /usr/local/etc/
cp -pf /var/netstar/cat_files/categories.map /usr/local/etc/
cp -pf /var/netstar/cat_files/categories.priority /usr/local/etc/
cp -pf /var/netstar/cat_files/reputations.map /usr/local/etc
/netscaler/nscli -U %%:nsroot:. -c “disable ns feature URLFiltering”
/netscaler/nscli -U %%:nsroot:. -c “enable ns feature URLFiltering”
- Step 4 > enable ns fe urlfiltering and check for functionality after few minutes. DB Update should start with this command and functionality can be tested once the update is completed
- Step 5 > Change URLfiltering policies to accommodate the modified names.