
KB No. 2331: SOCIAL NETWORKS AND URL SHORTENERS

Olfeo now explicitly places URL shorteners in the "URL shorteners" category. The redirection mechanism of these shorteners has not changed, so Olfeo's position and the known and possible risks of these links remain valid. So what does this mean in practice?

BACKGROUND

We always recommend blocking these shorteners for users who do not need access to social media sites for their professional activities. URL shorteners were created for microblogging platforms where the number of characters used in a post is limited. In France, we are mainly talking about sites such as Twitter, Facebook, etc.

It is clear today that all departments and users whose professional activities are related to communication, marketing, and customer relations need to work on these platforms.

It is therefore possible to open up certain well-targeted shorteners to them using specific URL lists, while reminding them what a shortener is and why, each time they use this type of link, they must carefully check the destination site in the browser's address bar and not just the content of the page (phishing, etc.).

However, we would like to remind you of the potential dangers of URL shorteners, which are often used in spam, and which are the reason this category is included in the "security" theme:

  • Creation of a layer of indirection. A traditional hyperlink involves a browser, a domain name system (DNS) service, the DNS server associated with the website that publishes the original link, and the website itself. With a URL shortening service, a new player acts as a third name resolver, with the difference that it often relies on a PHP script and a MySQL database.
  • Obscuring of the link destination, opening the door to spam practices. The final destination is only revealed when the link is clicked.
  • Appearance of a new "man in the middle": the URL shortening service may decide that a URL violates its terms of use and delete it. It may lose its database, forget to renew its domain name, or simply disappear. Worse, it may be hacked and its links used as a vehicle for phishing attacks.

It is therefore important to choose carefully which shorteners to open, as well as the target population!

STEPS

To date, an exception rule for these users on bit.ly and tinyurl.com will allow them to access the vast majority of links presented on these networks.

  • Add a rule to the filtering policies in webadmin. Insert the URL into a regex or URL list, in the form: .*\:\/\/bit\.ly\/.*

    Note: the .* allows you to include characters before and after the written expression.

  • Once this regex has been saved and placed ahead of other filtering policies with explicit access authorization, all that remains is to validate it.
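
Before saving the rule, it is worth checking what the pattern actually lets through. The following is an added example, not Olfeo's own code: it uses Python's re module as a stand-in for the filter's regex engine (whose exact matching semantics this KB does not state), and the strict pattern and all sample URLs are constructed for illustration.

```python
import re

# Pattern in the form given in the steps above (bit.ly).
KB_PATTERN = r".*\:\/\/bit\.ly\/.*"

# Assumption, not from the KB: a tighter form that ties the shortener
# name to the host position and covers both shorteners named in the steps.
STRICT_PATTERN = r"^https?://(bit\.ly|tinyurl\.com)/\S*$"

# Constructed sample URLs; the *.example hosts are placeholders.
SAMPLES = [
    "https://bit.ly/3abcXYZ",
    "http://tinyurl.com/y7k2abc",
    "https://bit.ly.evil.example/3abcXYZ",
    "https://tracker.example/r?u=https://bit.ly/3abcXYZ",
    "https://notbit.ly/3abcXYZ",
]


def allowed(pattern, url):
    """True if the whole URL matches the exception pattern."""
    return re.fullmatch(pattern, url) is not None


def audit(pattern, urls=SAMPLES):
    """Return the URLs the exception rule would let through."""
    return [u for u in urls if allowed(pattern, u)]


if __name__ == "__main__":
    for name, pat in (("KB form", KB_PATTERN), ("strict form", STRICT_PATTERN)):
        print(name, pat)
        for url in SAMPLES:
            print("  ", "ALLOW" if allowed(pat, url) else "block", url)
```

With the KB form, the leading .* also accepts a URL on another host whose query string merely contains ://bit.ly/; the strict form accepts only URLs whose host is one of the two shorteners.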

RESOLUTION

Micro-messaging on the social networking sites that various departments need is unblocked, while keeping control over which shorteners are authorized, which users are affected, and the statistics tracking the use of these shorteners.