About URL Security Zones
URL security zones group URL namespaces according to their respective levels of trust. A URL policy setting for each URL action enforces these levels of trust. Administrators can customize the default URL security zones by changing the URL policy setting for each URL action, using the default URL security zone manager and URL security zone templates. Additionally, a supplied API provides developers with the tools to either interact with the default URL security zone manager or to create a custom URL security zone manager.
This topic contains the following sections.
- Terms
- Security Zone Manager Extensibility
- Default URL Security Zones
- Local Intranet Zone
- Trusted Sites Zone
- Internet Zone
- Restricted Sites Zone
- Local Machine Zone
- URL Actions and Policies
- Aggregate URL Actions
- URL Actions and Valid Policies
- Registry Keys
Terms
Here are terms used in the discussion of URL security zones.
- URL action. A browser action that can pose a security risk to the local computer.
- URL policy. A policy that determines which permission or trust level is set for a particular URL action.
- URL security zone. A group of URL namespaces that are assigned an equal level of permissions (or trust). Each URL action for the zone has an appropriate URL policy assigned to it that reflects the level of trust given to the URL namespaces in that zone.
- URL security zone template. A tool that allows users to specify levels of restriction using easy-to-understand terms: High, Medium-High, Medium, Medium-Low, and Low.
Security Zone Manager Extensibility
Applications can interact with either the default URL security zone manager or with a developer-supplied custom manager. See Implementing a Custom Security Manager. Functionality is exported by the URL monikers dynamic-link library (Urlmon.dll). For information about the other APIs exported by Urlmon.dll, see Asynchronous Pluggable Protocols and URL Monikers.
Default URL Security Zones
The following sections describe the default URL security zones.
- Local Intranet Zone
- Trusted Sites Zone
- Internet Zone
- Restricted Sites Zone
- Local Machine Zone
Local Intranet Zone
Use the Local Intranet zone for content located on an organization's intranet. Because the servers and information are within an organization's firewall, it is reasonable to assign a higher trust level to content on the intranet.
Note: As of Windows Internet Explorer 7, the availability of the Local Intranet zone depends on the network configuration of the computer viewing the Web page. For more information, see Internet Explorer Blog: Dude, Where's My Local Intranet Zone?.
By default, the Local Intranet zone uses the Medium-Low Template. Note: In Microsoft Internet Explorer 4.0, the Local Intranet zone uses the Medium Template.
In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.
Trusted Sites Zone
Use the Trusted Sites zone for content located on Web sites that are considered more reputable or trustworthy than other sites on the Internet. Assigning a higher trust level to these sites minimizes the number of authentication requests. The user adds the URLs of these trusted Web sites to this zone.
By default, the Trusted Sites zone uses the Low Template.
Besides the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.
Internet Zone
Use the Internet zone for Web sites on the Internet that do not belong to another zone. This default setting causes Windows Internet Explorer to prompt the user whenever potentially unsafe content is about to download. Note: Web sites that are not mapped into other zones automatically fall into this zone.
By default, the Internet zone uses the Medium Template.
In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.
Restricted Sites Zone
Use the Restricted Sites zone for Web sites that contain content that can cause (or has previously caused) problems when downloaded. Use this zone to cause Internet Explorer to alert the user that potentially unsafe content is about to download, or to prevent that content from downloading. The user adds the URLs of these untrusted Web sites to this zone.
By default, the Restricted Sites zone uses the High Template.
In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.
Local Machine Zone
The Local Machine zone is an implicit zone for content that exists on the local computer. The content found on the user's computer (except for content that Internet Explorer caches on the local system) is treated with a high level of trust.
Content that Internet Explorer caches is accessed through the URL of origin and is assigned to the appropriate zone for that URL.
The following table contains the default settings for the Local Machine zone.
Asynchronous pluggable protocols can specify how their URLs are assigned to a security zone. The IInternetProtocolInfo::ParseUrl method (using the PARSE_SECURITY_URL value) should return a URL that the security manager can use to make decisions.
URL Actions and Policies
Each URL security zone has a set of URL actions, with a URL policy assigned to each action. The URL actions cover all operations that have security implications. The URL policy assigned to each URL action determines how that URL action is handled. For example, URLACTION_JAVA_PERMISSIONS is checked for operations related to Java applets. To force all Java applets to run out of a sandbox (that is, prevent them from doing anything that would be a security risk to the local computer), the URL policy would be set to URLPOLICY_JAVA_HIGH.
Some URL actions are an aggregate of two or more URL actions. The user interface for the default URL security zone manager allows the user to set the aggregate value only (such as URLACTION_HTML_SUBMIT_FORMS). The browser calls the specific value (such as URLACTION_HTML_SUBMIT_FORMS_FROM) because it reacts to that particular action. If the browser's aggregate URL value has a URL policy set, then it uses that policy for the aggregate URL action and the specific URL actions it combines. You must design all security zone managers so that they can handle calls to the specific URL actions and know where to find the appropriate URL policy.
Aggregate URL Actions
The following table contains the aggregate URL actions and their aggregates.
URL action | Aggregates |
---|---|
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY, URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY, URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY, and URLACTION_SCRIPT_OVERRIDE_SAFETY |
URLACTION_HTML_SUBMIT_FORMS | URLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO |
URL Actions and Valid Policies
The following table contains the URL actions that the default URL security zone manager uses and the URL policies that you can assign to them. (URL actions that are new for Internet Explorer 7 appear at the bottom.)
Registry Keys
Note: This information is for reference only. You should not directly manipulate the registry because information stored in the registry might not always be stored in the same location.
The registry stores the URL security zone settings in the following key.
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
For Windows XP Service Pack 2 (SP2) and later, you can find the URL security lockdown zone settings in the registry in the following key.
HKEY_LOCAL_MACHINE (or HKEY_CURRENT_USER)\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
You can determine the zones under which the Shell can open files (URLACTION_SHELL_EXECUTE_HIGHRISK) by checking the following registry values. These values correspond to the following zones, respectively: Local Machine zone, Local intranet, Trusted sites, Internet, Restricted sites.
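HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806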
If a URL policy value is 0x00, the action is allowed; if a value is 0x01, the user is prompted; and if a value is 0x03, the action is not allowed. For a list of possible URL policy values, see URL Policy Flags.
Security Warning: Setting these registry keys incorrectly can compromise the security of your application. The values for these registry keys are safe by default. By adjusting these values, you might put users at risk for an elevation of privilege attack. You should review Security Considerations: URL Security Zones API before continuing.
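The check described above can be scripted as a read-only audit. The following PowerShell is an added example, not code from the original page: the function name, the output fields, and the choice to also look under HKEY_CURRENT_USER and Lockdown_Zones are assumptions of this example, as is the rule that flags an "allowed" policy in the Internet or Restricted sites zone for review.

```powershell
# Added example (not from the original page): read-only audit of registry
# value 1806 (URLACTION_SHELL_EXECUTE_HIGHRISK) for zones 0-4.
# Nothing is written to the registry.
$Base      = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ZoneNames = 'Local Machine', 'Local intranet', 'Trusted sites', 'Internet', 'Restricted sites'

function Get-HighRiskShellPolicy {   # hypothetical helper name
    param(
        [string[]]$Hive   = @('HKLM:', 'HKCU:'),
        [string[]]$Branch = @('Zones', 'Lockdown_Zones')
    )
    foreach ($h in $Hive) {
        foreach ($b in $Branch) {
            foreach ($zone in 0..4) {
                $path  = "$h\$Base\$b\$zone"
                # A missing key or value yields $null instead of an error.
                $value = (Get-ItemProperty -LiteralPath $path -Name '1806' `
                          -ErrorAction SilentlyContinue).'1806'
                $meaning = if ($null -eq $value) {
                    'Not set at this location'
                } else {
                    switch ([int]$value) {
                        0       { 'Allowed' }
                        1       { 'Prompt' }
                        3       { 'Not allowed' }
                        default { 'Other (see URL Policy Flags)' }
                    }
                }
                [pscustomobject]@{
                    Hive    = $h
                    Branch  = $b
                    Zone    = "$zone ($($ZoneNames[$zone]))"
                    Value   = if ($null -ne $value) { '0x{0:X2}' -f [int]$value }
                    Meaning = $meaning
                    # Assumption of this example: "allowed" in the two least
                    # trusted zones deserves a second look.
                    Review  = ($zone -ge 3) -and ($value -eq 0)
                }
            }
        }
    }
}

Get-HighRiskShellPolicy | Format-Table -AutoSize
```

Because the page notes that registry locations may change, treat "Not set at this location" as unknown rather than as proof that a default is in effect.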