About URL Security Zones


To fully understand URL security zones, you need to understand a few terms:

Previously, Microsoft® Internet Explorer utilized the same security policy for all URL name spaces. Each URL action in a particular security level was handled by a predetermined URL policy, which could not be changed. In Internet Explorer 4.0, URL name spaces are divided into URL security zones, which have different levels of trust assigned to them. Users can easily customize the default URL security zones by changing the URL policy settings for each URL action with the user interface provided by Microsoft Internet Explorer.

Default URL Security Zones

The default URL security zones used by Internet Explorer 4.0 are:

The Intranet zone is used for content located on a company's intranet. Since the servers and information would be within a company's firewall, a user or company could assign a higher trust level to the content on their intranet.

The following table contains the default settings for the intranet zone.

| URL Action | URL Policy | Aggregates |
| --- | --- | --- |
| URLACTION_ACTIVEX_RUN | URLPOLICY_ALLOW | none |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | URLPOLICY_QUERY | none |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | URLPOLICY_DISALLOW | none |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLPOLICY_QUERY | URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY and URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY |
| URLACTION_SCRIPT_RUN | URLPOLICY_ALLOW | none |
| URLACTION_SCRIPT_JAVA_USE | URLPOLICY_ALLOW | none |
| URLACTION_JAVA_PERMISSIONS | URLPOLICY_JAVA_HIGH | none |
| URLACTION_HTML_FONT_DOWNLOAD | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_FILE_DOWNLOAD | URLPOLICY_QUERY | none |
| URLACTION_HTML_SUBMIT_FORMS | URLPOLICY_QUERY | URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO |
| URLACTION_SHELL_INSTALL_DTITEMS | URLPOLICY_QUERY | none |
| URLACTION_SHELL_MOVE_OR_COPY | URLPOLICY_QUERY | none |
| URLACTION_SHELL_VERB | URLPOLICY_ALLOW | none |
| URLACTION_CREDENTIALS_USE | URLPOLICY_CREDENTIALS_MUST_PROMPT_USER | none |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | URLPOLICY_CHANNEL_SOFTDIST_PRECACHE | none |
| URLACTION_SHELL_WEBVIEW_VERB | URLPOLICY_ALLOW | none |

The Trusted Web sites zone is used for content located on Web sites that are considered more reputable and/or trustworthy than other sites on the Internet. Users can use this zone to assign a higher trust level to these sites to minimize the number of authentication requests. The URLs of these trusted Web sites would need to be mapped into this zone.

The following table contains the default settings for the Trusted Web sites zone.

| URL Action | URL Policy | Aggregates |
| --- | --- | --- |
| URLACTION_ACTIVEX_RUN | URLPOLICY_ALLOW | none |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | URLPOLICY_ALLOW | none |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | URLPOLICY_QUERY | none |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLPOLICY_QUERY | URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY and URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY |
| URLACTION_SCRIPT_RUN | URLPOLICY_ALLOW | none |
| URLACTION_SCRIPT_JAVA_USE | URLPOLICY_ALLOW | none |
| URLACTION_JAVA_PERMISSIONS | URLPOLICY_JAVA_LOW | none |
| URLACTION_HTML_FONT_DOWNLOAD | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_FILE_DOWNLOAD | URLPOLICY_QUERY | none |
| URLACTION_HTML_SUBMIT_FORMS | URLPOLICY_ALLOW | URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO |
| URLACTION_SHELL_INSTALL_DTITEMS | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_MOVE_OR_COPY | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_VERB | URLPOLICY_QUERY | none |
| URLACTION_CREDENTIALS_USE | URLPOLICY_CREDENTIALS_SILENT_LOGON_OK | none |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | URLPOLICY_CHANNEL_SOFTDIST_AUTOINSTALL | none |
| URLACTION_SHELL_WEBVIEW_VERB | URLPOLICY_ALLOW | none |

The Internet zone is used for the Web sites on the Internet that do not belong to another zone. The default settings would cause the user to be prompted whenever potentially unsafe content was about to be downloaded. Web sites that are not mapped into other zones automatically fall into this zone.

The following table contains the default settings for the Internet zone.

| URL Action | URL Policy | Aggregates |
| --- | --- | --- |
| URLACTION_ACTIVEX_RUN | URLPOLICY_ALLOW | none |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | URLPOLICY_QUERY | none |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | URLPOLICY_DISALLOW | none |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLPOLICY_QUERY | URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY and URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY |
| URLACTION_SCRIPT_RUN | URLPOLICY_ALLOW | none |
| URLACTION_SCRIPT_JAVA_USE | URLPOLICY_ALLOW | none |
| URLACTION_JAVA_PERMISSIONS | URLPOLICY_JAVA_HIGH | none |
| URLACTION_HTML_FONT_DOWNLOAD | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_FILE_DOWNLOAD | URLPOLICY_QUERY | none |
| URLACTION_HTML_SUBMIT_FORMS | URLPOLICY_QUERY | URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO |
| URLACTION_SHELL_INSTALL_DTITEMS | URLPOLICY_QUERY | none |
| URLACTION_SHELL_MOVE_OR_COPY | URLPOLICY_QUERY | none |
| URLACTION_SHELL_VERB | URLPOLICY_QUERY | none |
| URLACTION_CREDENTIALS_USE | URLPOLICY_CREDENTIALS_MUST_PROMPT_USER | none |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | URLPOLICY_CHANNEL_SOFTDIST_PRECACHE | none |
| URLACTION_SHELL_WEBVIEW_VERB | URLPOLICY_QUERY | none |

The Untrusted sites zone is used for Web sites that contain content that could cause, or have caused, problems when downloaded. This zone could be used to cause the user to be prompted every time potentially unsafe content was about to be downloaded or prevent that content from being downloaded. The URLs of these untrusted Web sites would need to be mapped into this zone.

The following table contains the default settings for the untrusted sites zone.

| URL Action | URL Policy | Aggregates |
| --- | --- | --- |
| URLACTION_ACTIVEX_RUN | URLPOLICY_DISALLOW | none |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | URLPOLICY_DISALLOW | none |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | URLPOLICY_DISALLOW | none |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLPOLICY_DISALLOW | URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY and URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY |
| URLACTION_SCRIPT_RUN | URLPOLICY_ALLOW | none |
| URLACTION_SCRIPT_JAVA_USE | URLPOLICY_DISALLOW | none |
| URLACTION_JAVA_PERMISSIONS | URLPOLICY_JAVA_HIGH | none |
| URLACTION_HTML_FONT_DOWNLOAD | URLPOLICY_QUERY | none |
| URLACTION_SHELL_FILE_DOWNLOAD | URLPOLICY_DISALLOW | none |
| URLACTION_HTML_SUBMIT_FORMS | URLPOLICY_DISALLOW | URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO |
| URLACTION_SHELL_INSTALL_DTITEMS | URLPOLICY_DISALLOW | none |
| URLACTION_SHELL_MOVE_OR_COPY | URLPOLICY_DISALLOW | none |
| URLACTION_SHELL_VERB | URLPOLICY_DISALLOW | none |
| URLACTION_CREDENTIALS_USE | URLPOLICY_CREDENTIALS_MUST_PROMPT_USER | none |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | URLPOLICY_CHANNEL_SOFTDIST_PROHIBIT | none |
| URLACTION_SHELL_WEBVIEW_VERB | URLPOLICY_QUERY | none |

There is also an implicit zone used for content that exists on the local computer. The content found on the local machine, except for content cached by Microsoft Internet Explorer on the local system, is treated with a high level of trust. Content that has been cached by Microsoft Internet Explorer is accessed through the URL of origin and is assigned to the appropriate zone.

The following table contains the default settings for the local machine zone.

| URL Action | URL Policy | Aggregates |
| --- | --- | --- |
| URLACTION_ACTIVEX_RUN | URLPOLICY_ALLOW | none |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | URLPOLICY_ALLOW | none |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | URLPOLICY_ALLOW | none |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLPOLICY_QUERY | URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY and URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY |
| URLACTION_SCRIPT_RUN | URLPOLICY_ALLOW | none |
| URLACTION_SCRIPT_JAVA_USE | URLPOLICY_ALLOW | none |
| URLACTION_JAVA_PERMISSIONS | URLPOLICY_JAVA_MEDIUM | none |
| URLACTION_HTML_FONT_DOWNLOAD | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_FILE_DOWNLOAD | URLPOLICY_ALLOW | none |
| URLACTION_HTML_SUBMIT_FORMS | URLPOLICY_ALLOW | URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO |
| URLACTION_SHELL_INSTALL_DTITEMS | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_MOVE_OR_COPY | URLPOLICY_ALLOW | none |
| URLACTION_SHELL_VERB | URLPOLICY_ALLOW | none |
| URLACTION_CREDENTIALS_USE | URLPOLICY_CREDENTIALS_SILENT_LOGON_OK | none |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | URLPOLICY_CHANNEL_SOFTDIST_PRECACHE | none |
| URLACTION_SHELL_WEBVIEW_VERB | URLPOLICY_ALLOW | none |

An asynchronous pluggable protocol can specify how its URLs should be assigned to a security zone. The IInternetProtocolInfo::ParseUrl method, called with the PARSE_SECURITY_URL value, should return a URL that can be used by the security manager to make decisions.

URL Actions and Policies

Each URL security zone has a set of URL actions with a URL policy assigned to it. The URL actions cover all operations that have security implications. A URL policy is assigned to each URL action to determine how that URL action will be handled. For example, URLACTION_JAVA_PERMISSIONS would be checked for operations related to Java applets. To force all Java applets to run out of a sandbox (that is, prevent them from doing anything that would be a security risk to the local computer), the URL policy would be set to URLPOLICY_JAVA_HIGH.

Some URL actions are an aggregate of two or more URL actions. The user interface for the default URL security zone manager would allow the user to set the aggregate value only (such as URLACTION_HTML_SUBMIT_FORMS). The browser would call the specific value (such as URLACTION_HTML_SUBMIT_FORMS_FROM) because it is reacting to that particular action. If the aggregate URL action has a URL policy set, that policy is used for the aggregate URL action and the specific URL actions it aggregated. All security zone managers must be designed to handle calls to the specific URL actions and know where to find the appropriate URL policy.
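The aggregate lookup described above, as an added example that is not part of the original page or Microsoft's code: it models a zone manager resolving a specific URL action to its aggregate's policy, using default values copied from the tables on this page. The enum, table and function names are this example's own, and denying unknown actions or zones is an assumption of the example.

```c
#include <stdio.h>
#include <string.h>
/* Model only: the names come from the tables on this page, but these enums
   and tables are this example's own, not the urlmon.h definitions. */
typedef enum { POLICY_ALLOW, POLICY_QUERY, POLICY_DISALLOW } policy_t;
typedef enum { ZONE_LOCAL, ZONE_INTRANET, ZONE_TRUSTED, ZONE_INTERNET,
               ZONE_UNTRUSTED, ZONE_COUNT } zone_t;

/* Specific URL action -> the aggregate whose policy governs it. */
static const struct { const char *specific, *aggregate; } AGGREGATES[] = {
    {"URLACTION_HTML_SUBMIT_FORMS_FROM", "URLACTION_HTML_SUBMIT_FORMS"},
    {"URLACTION_HTML_SUBMIT_FORMS_TO", "URLACTION_HTML_SUBMIT_FORMS"},
    {"URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY", "URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY"},
    {"URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY", "URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY"},
};

/* Default policies copied from the page's tables, in zone_t order:
   local machine, intranet, trusted, Internet, untrusted. */
static const struct { const char *action; policy_t by_zone[ZONE_COUNT]; } DEFAULTS[] = {
    {"URLACTION_HTML_SUBMIT_FORMS",
     {POLICY_ALLOW, POLICY_QUERY, POLICY_ALLOW, POLICY_QUERY, POLICY_DISALLOW}},
    {"URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY",
     {POLICY_QUERY, POLICY_QUERY, POLICY_QUERY, POLICY_QUERY, POLICY_DISALLOW}},
    {"URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX",
     {POLICY_ALLOW, POLICY_DISALLOW, POLICY_QUERY, POLICY_DISALLOW, POLICY_DISALLOW}},
};

/* A specific action is mapped to its aggregate before lookup. Unknown actions
   and zones are denied: this example's choice, not behaviour from the page. */
policy_t resolve_policy(zone_t zone, const char *action) {
    size_t i;
    if ((unsigned)zone >= (unsigned)ZONE_COUNT) return POLICY_DISALLOW;
    for (i = 0; i < sizeof AGGREGATES / sizeof AGGREGATES[0]; i++)
        if (strcmp(action, AGGREGATES[i].specific) == 0) {
            action = AGGREGATES[i].aggregate;
            break;
        }
    for (i = 0; i < sizeof DEFAULTS / sizeof DEFAULTS[0]; i++)
        if (strcmp(action, DEFAULTS[i].action) == 0) return DEFAULTS[i].by_zone[zone];
    return POLICY_DISALLOW;
}

int main(void) {
    static const char *names[] = {"ALLOW", "QUERY", "DISALLOW"};
    for (int z = 0; z < ZONE_COUNT; z++)
        printf("zone %d: %s\n", z,
               names[resolve_policy((zone_t)z, "URLACTION_HTML_SUBMIT_FORMS_FROM")]);
    return 0;
}
```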

© 1997 Microsoft Corporation. All rights reserved.