URL security zones group URL namespaces according to their respective levels of trust. A URL policy setting for each URL action enforces these levels of trust. Administrators can customize the default URL security zones by changing the URL policy setting for each URL action, using the default URL security zone manager and URL security zone templates. Additionally, a supplied API provides developers with the tools to either interact with the default URL security zone manager or to create a custom URL security zone manager.
This topic contains the following sections.
Here are terms used in the discussion of URL security zones.
Applications can interact with either the default URL security zone manager or with a developer-supplied custom manager. See Implementing a Custom Security Manager. Functionality is exported by the URL monikers dynamic-link library (Urlmon.dll). For information about the other APIs exported by Urlmon.dll, see Asynchronous Pluggable Protocols and URL Monikers.
The following sections describe the default URL security zones.
Use the Local Intranet zone for content located on an organization's intranet. Because the servers and information are within an organization's firewall, it is reasonable to assign a higher trust level to content on the intranet.
Use the Trusted Sites zone for content located on Web sites that are considered more reputable or trustworthy than other sites on the Internet. Assigning a higher trust level to these sites minimizes the number of authentication requests. The user adds the URLs of these trusted Web sites to this zone.
Besides the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.
Use the Internet zone for Web sites on the Internet that do not belong to another zone. This default setting causes Internet Explorer to prompt the user whenever potentially unsafe content is about to download. Note: Web sites that are not mapped into other zones automatically fall into this zone.
In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.
Use the Restricted Sites zone for Web sites that contain content that can cause (or have previously caused) problems when downloaded. Use this zone to cause Internet Explorer to alert that potentially-unsafe content is about to download, or to prevent that content from downloading. The user adds the URLs of these untrusted Web sites to this zone.
In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.
The Local Machine zone is an implicit zone for content that exists on the local computer. The content found on the user's computer (except for content that Internet Explorer caches on the local system) is treated with a high level of trust.
Content that Internet Explorer caches is accessed through the URL of origin and is assigned to the appropriate zone for that URL.
The following table contains the default settings for the Local Machine zone.
Asynchronous pluggable protocols can specify how their URLs are assigned to a security zone. The IInternetProtocolInfo::ParseUrl method (using the PARSE_SECURITY_URL value) should return a URL that the security manager can use to make decisions.
Each URL security zone has a set of URL actions, with a URL policy assigned to each action. The URL actions cover all operations that have security implications. The URL policy assigned to each URL action determines how that URL action is handled. For example, URLACTION_JAVA_PERMISSIONS is checked for operations related to Java applets. To force all Java applets to run out of a sandbox (that is, prevent them from doing anything that would be a security risk to the local computer), the URL policy would be set to URLPOLICY_JAVA_HIGH.
Some URL actions are an aggregate of two or more URL actions. The user interface for the default URL security zone manager allows the user to set the aggregate value only (such as URLACTION_HTML_SUBMIT_FORMS). The browser calls the specific value (such as URLACTION_HTML_SUBMIT_FORMS_FROM) because it reacts to that particular action. If the browser's aggregate URL value has a URL policy set, then it uses that policy for the aggregate URL action and the specific URL actions it combines. You must design all security zone managers so that they can handle calls to the specific URL actions and know where to find the appropriate URL policy.
The following table contains the aggregate URL actions and their aggregates.
The following table contains the URL actions that the default URL security zone manager uses and the URL policies that you can assign to them. (URL actions that are new for Internet Explorer 7 appear at the bottom.)
| URL action | Valid URL policies for the URL action |
|---|
| URLACTION_ACTIVEX_NO_WEBOC_SCRIPT | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETY | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTION | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_ACTIVEX_RUN | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW, URLPOLICY_ACTIVEX_CHECK_LIST |
| URLACTION_ACTIVEX_TREATASUNTRUSTED | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_ALLOW_RESTRICTEDPROTOCOLS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_AUTOMATIC_ACTIVEX_UI | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_AUTOMATIC_DOWNLOAD_UI | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_BEHAVIOR_RUN | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW, URLPOLICY_BEHAVIOR_CHECK_LIST |
| URLACTION_CHANNEL_SOFTDIST_PERMISSIONS | URLPOLICY_CHANNEL_SOFTDIST_PROHIBIT, URLPOLICY_CHANNEL_SOFTDIST_PRECACHE, URLPOLICY_CHANNEL_SOFTDIST_AUTOINSTALL |
| URLACTION_CLIENT_CERT_PROMPT | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_COOKIES | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_COOKIES_ENABLED | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_COOKIES_SESSION | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_COOKIES_SESSION_THIRD_PARTY | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_COOKIES_THIRD_PARTY | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_CREDENTIALS_USE | URLPOLICY_CREDENTIALS_SILENT_LOGON_OK, URLPOLICY_CREDENTIALS_MUST_PROMPT_USER, URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT, URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY |
| URLACTION_CROSS_DOMAIN_DATA | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_DOWNLOAD_SIGNED_ACTIVEX | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_FEATURE_MIME_SNIFFING | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_FEATURE_WINDOW_RESTRICTIONS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_FEATURE_ZONE_ELEVATION | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_HTML_FONT_DOWNLOAD | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_HTML_INCLUDE_FILE_PATH | URLPOLICY_ALLOW, URLPOLICY_DISALLOW |
| URLACTION_HTML_JAVA_RUN | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_HTML_META_REFRESH | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_HTML_MIXED_CONTENT | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_HTML_SUBFRAME_NAVIGATE | URLPOLICY_ALLOW, URLPOLICY_DISALLOW |
| URLACTION_HTML_SUBMIT_FORMS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_HTML_USERDATA_SAVE | URLPOLICY_ALLOW, URLPOLICY_DISALLOW |
| URLACTION_JAVA_PERMISSIONS | URLPOLICY_JAVA_PROHIBIT, URLPOLICY_JAVA_HIGH, URLPOLICY_JAVA_MEDIUM, URLPOLICY_JAVA_LOW, URLPOLICY_JAVA_CUSTOM |
| URLACTION_SCRIPT_JAVA_USE | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SCRIPT_PASTE | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SCRIPT_RUN | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SCRIPT_SAFE_ACTIVEX | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_ENHANCED_DRAGDROP_SECURITY | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_EXECUTE_HIGHRISK | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_EXECUTE_LOWRISK | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_EXECUTE_MODRISK | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_FILE_DOWNLOAD | URLPOLICY_ALLOW, URLPOLICY_DISALLOW |
| URLACTION_SHELL_INSTALL_DTITEMS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_MOVE_OR_COPY | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_POPUPMGR | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_RTF_OBJECTS_LOAD | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_SHELLEXECUTE | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_VERB | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_WEBVIEW_VERB | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| New for Internet Explorer 7 |
|---|
| URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATION | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_ACTIVEX_OVERRIDE_OPTIN | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_ACTIVEX_SCRIPTLET_RUN | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_ALLOW_APEVALUATION | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_FEATURE_FORCE_ADDR_AND_STATUS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_FEATURE_SCRIPT_STATUS_BAR | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_LOOSE_XAML | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_LOWRIGHTS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_SHELL_EXTENSIONSECURITY | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_WINDOWS_BROWSER_APPLICATIONS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_WINFX_SETUP | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_XPS_DOCUMENTS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| New for Internet Explorer 8 |
|---|
| URLACTION_DOTNET_USERCONTROLS | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
| URLACTION_FEATURE_DATA_BINDING | URLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW |
For Windows XP Service Pack 2 (SP2) and later, you can find the URL security lockdown zone settings in the registry in the following key.
You can determine the zones under which the Shell can open files (URLACTION_SHELL_EXECUTE_HIGHRISK) by checking the following registry values. These values correspond to the following zones, respectively: Local Machine zone, Local intranet, Trusted sites, Internet, Restricted sites.