Welcome Sign in
Internet Explorer Developer Center
Click to Rate and Give Feedback
MSDN
MSDN Library
Web Development
Security Zones
Overviews/Tutorials
 About URL Security Zones
About URL Security Zones

URL security zones group URL namespaces according to their respective levels of trust. A URL policy setting for each URL action enforces these levels of trust. Administrators can customize the default URL security zones by changing the URL policy setting for each URL action, using the default URL security zone manager and URL security zone templates. Additionally, a supplied API provides developers with the tools to either interact with the default URL security zone manager or to create a custom URL security zone manager.

This topic contains the following sections.

Terms

Here are terms used in the discussion of URL security zones.

  • URL action. A browser action that can pose a security risk to the local computer.
  • URL policy. A policy that determines which permission or trust level is set for a particular URL action.
  • URL security zone. A group of URL namespaces that are assigned an equal level of permissions (or trust). Each URL action for the zone has an appropriate URL policy assigned to it that reflects the level of trust given to the URL namespaces in that zone.
  • URL security zone template. A tool that allows users to specify levels of restriction using easy-to-understand terms: High, Medium-High, Medium, Medium-Low, and Low.

Security Zone Manager Extensibility

Applications can interact with either the default URL security zone manager or with a developer-supplied custom manager. See Implementing a Custom Security Manager. Functionality is exported by the URL monikers dynamic-link library (Urlmon.dll). For information about the other APIs exported by Urlmon.dll, see Asynchronous Pluggable Protocols and URL Monikers.

Default URL Security Zones

The following sections describe the default URL security zones.

Local Intranet Zone

Use the Local Intranet zone for content located on an organization's intranet. Because the servers and information are within an organization's firewall, it is reasonable to assign a higher trust level to content on the intranet.

By default, the Local Intranet zone uses the Medium-Low Template. Note: Microsoft Internet Explorer 4.0 Local Intranet zone uses the Medium Template.

In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.

Trusted Sites Zone

Use the Trusted Sites zone for content located on Web sites that are considered more reputable or trustworthy than other sites on the Internet. Assigning a higher trust level to these sites minimizes the number of authentication requests. The user adds the URLs of these trusted Web sites to this zone.

By default, the Trusted Sites zone uses the Low Template.

Besides the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.

Internet Zone

Use the Internet zone for Web sites on the Internet that do not belong to another zone. This default setting causes Windows Internet Explorer to prompt the user whenever potentially unsafe content is about to download. Note: Web sites that are not mapped into other zones automatically fall into this zone.

By default, the Internet zone uses the Medium Template.

In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.

Restricted Sites Zone

Use the Restricted Sites zone for Web sites that contain content that can cause (or have previously caused) problems when downloaded. Use this zone to cause Internet Explorer to alert that potentially-unsafe content is about to download, or to prevent that content from downloading. The user adds the URLs of these untrusted Web sites to this zone.

By default, the Restricted Sites zone uses the High Template.

In addition to the settings that the default template defines, there is a hidden setting, URLACTION_SHELL_WEBVIEW_VERB, which is set to URLPOLICY_ALLOW.

Local Machine Zone

The Local Machine zone is an implicit zone for content that exists on the local computer. The content found on the user's computer (except for content that Internet Explorer caches on the local system) is treated with a high level of trust.

Content that Internet Explorer caches is accessed through the URL of origin and is assigned to the appropriate zone for that URL.

The following table contains the default settings for the Local Machine zone.

URL actionURL policy
URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATIONURLPOLICY_ALLOW
URLACTION_ACTIVEX_NO_WEBOC_SCRIPTURLPOLICY_ALLOW
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETYURLPOLICY_QUERY
URLACTION_ACTIVEX_OVERRIDE_OPTINURLPOLICY_ALLOW
URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTIONURLPOLICY_ALLOW
URLACTION_ACTIVEX_RUNURLPOLICY_ALLOW
URLACTION_ACTIVEX_SCRIPTLET_RUNURLPOLICY_ALLOW
URLACTION_ALLOW_APEVALUATIONURLPOLICY_DISALLOW
URLACTION_ALLOW_RESTRICTEDPROTOCOLSURLPOLICY_QUERY
URLACTION_AUTOMATIC_ACTIVEX_UIURLPOLICY_ALLOW
URLACTION_AUTOMATIC_DOWNLOAD_UIURLPOLICY_ALLOW
URLACTION_BEHAVIOR_RUNURLPOLICY_ALLOW
URLACTION_CHANNEL_SOFTDIST_PERMISSIONSURLPOLICY_CHANNEL_SOFTDIST_AUTOINSTALL
URLACTION_CLIENT_CERT_PROMPTURLPOLICY_ALLOW
URLACTION_COOKIESURLPOLICY_ALLOW
URLACTION_COOKIES_ENABLEDURLPOLICY_ALLOW
URLACTION_COOKIES_SESSIONURLPOLICY_ALLOW
URLACTION_COOKIES_SESSION_THIRD_PARTYURLPOLICY_ALLOW
URLACTION_COOKIES_THIRD_PARTYURLPOLICY_ALLOW
URLACTION_CREDENTIALS_USEURLPOLICY_CREDENTIALS_SILENT_LOGON_OK
URLACTION_CROSS_DOMAIN_DATAURLPOLICY_ALLOW
URLACTION_DOWNLOAD_SIGNED_ACTIVEXURLPOLICY_ALLOW
URLACTION_DOWNLOAD_UNSIGNED_ACTIVEXURLPOLICY_ALLOW
URLACTION_FEATURE_FORCE_ADDR_AND_STATUSURLPOLICY_ALLOW
URLACTION_FEATURE_MIME_SNIFFINGURLPOLICY_ALLOW
URLACTION_FEATURE_SCRIPT_STATUS_BARURLPOLICY_ALLOW
URLACTION_FEATURE_WINDOW_RESTRICTIONSURLPOLICY_ALLOW
URLACTION_FEATURE_ZONE_ELEVATIONURLPOLICY_DISALLOW
URLACTION_HTML_FONT_DOWNLOADURLPOLICY_ALLOW
URLACTION_HTML_INCLUDE_FILE_PATHURLPOLICY_DISALLOW
URLACTION_HTML_JAVA_RUNURLPOLICY_ALLOW
URLACTION_HTML_META_REFRESHURLPOLICY_ALLOW
URLACTION_HTML_MIXED_CONTENTURLPOLICY_QUERY
URLACTION_HTML_SUBFRAME_NAVIGATEURLPOLICY_ALLOW
URLACTION_HTML_SUBMIT_FORMSURLPOLICY_ALLOW
URLACTION_HTML_USERDATA_SAVEURLPOLICY_ALLOW
URLACTION_JAVA_PERMISSIONSURLPOLICY_JAVA_MEDIUM
URLACTION_LOOSE_XAMLURLPOLICY_ALLOW
URLACTION_SCRIPT_JAVA_USEURLPOLICY_ALLOW
URLACTION_SCRIPT_PASTEURLPOLICY_ALLOW
URLACTION_SCRIPT_RUNURLPOLICY_ALLOW
URLACTION_SCRIPT_SAFE_ACTIVEXURLPOLICY_ALLOW
URLACTION_SHELL_EXECUTE_HIGHRISKURLPOLICY_ALLOW
URLACTION_SHELL_EXECUTE_LOWRISKURLPOLICY_ALLOW
URLACTION_SHELL_EXECUTE_MODRISKURLPOLICY_ALLOW
URLACTION_SHELL_FILE_DOWNLOADURLPOLICY_ALLOW
URLACTION_SHELL_INSTALL_DTITEMSURLPOLICY_ALLOW
URLACTION_SHELL_MOVE_OR_COPYURLPOLICY_ALLOW
URLACTION_SHELL_POPUPMGRURLPOLICY_DISALLOW
URLACTION_SHELL_RTF_OBJECTS_LOADURLPOLICY_ALLOW
URLACTION_SHELL_SHELLEXECUTEURLPOLICY_ALLOW
URLACTION_SHELL_VERBURLPOLICY_ALLOW
URLACTION_SHELL_WEBVIEW_VERBURLPOLICY_ALLOW
URLACTION_WINDOWS_BROWSER_APPLICATIONSURLPOLICY_ALLOW
URLACTION_WINFX_SETUPURLPOLICY_ALLOW
URLACTION_XPS_DOCUMENTSURLPOLICY_ALLOW

Asynchronous pluggable protocols can specify how their URLs are assigned to a security zone. The IInternetProtocolInfo::ParseUrl method (using the PARSE_SECURITY_URL value) should return a URL that the security manager can use to make decisions.

URL Actions and Policies

Each URL security zone has a set of URL actions, with a URL policy assigned to each action. The URL actions cover all operations that have security implications. The URL policy assigned to each URL action determines how that URL action is handled. For example, URLACTION_JAVA_PERMISSIONS is checked for operations related to Java applets. To force all Java applets to run out of a sandbox (that is, prevent them from doing anything that would be a security risk to the local computer), the URL policy would be set to URLPOLICY_JAVA_HIGH.

Some URL actions are an aggregate of two or more URL actions. The user interface for the default URL security zone manager allows the user to set the aggregate value only (such as URLACTION_HTML_SUBMIT_FORMS). The browser calls the specific value (such as URLACTION_HTML_SUBMIT_FORMS_FROM) because it reacts to that particular action. If the browser's aggregate URL value has a URL policy set, then it uses that policy for the aggregate URL action and the specific URL actions it combines. You must design all security zone managers so that they can handle calls to the specific URL actions and know where to find the appropriate URL policy.

Aggregate URL Actions

The following table contains the aggregate URL actions and their aggregates.

URL actionAggregates
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETYURLACTION_ACTIVEX_CONFIRM_NOOBJECTSAFETY, URLACTION_ACTIVEX_OVERRIDE_DATA_SAFETY, URLACTION_ACTIVEX_OVERRIDE_SCRIPT_SAFETY, and URLACTION_SCRIPT_OVERRIDE_SAFETY
URLACTION_HTML_SUBMIT_FORMSURLACTION_HTML_SUBMIT_FORMS_FROM and URLACTION_HTML_SUBMIT_FORMS_TO

URL Actions and Valid Policies

The following table contains the URL actions that the default URL security zone manager uses and the URL policies that you can assign to them. (URL actions that are new for Internet Explorer 7 appear at the bottom.)

URL actionValid URL policies for the URL action
URLACTION_ACTIVEX_NO_WEBOC_SCRIPTURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_ACTIVEX_OVERRIDE_OBJECT_SAFETYURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_ACTIVEX_OVERRIDE_REPURPOSEDETECTIONURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_ACTIVEX_RUNURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW, URLPOLICY_ACTIVEX_CHECK_LIST
URLACTION_ACTIVEX_TREATASUNTRUSTEDURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_ALLOW_RESTRICTEDPROTOCOLSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_AUTOMATIC_ACTIVEX_UIURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_AUTOMATIC_DOWNLOAD_UIURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_BEHAVIOR_RUNURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW, URLPOLICY_BEHAVIOR_CHECK_LIST
URLACTION_CHANNEL_SOFTDIST_PERMISSIONSURLPOLICY_CHANNEL_SOFTDIST_PROHIBIT, URLPOLICY_CHANNEL_SOFTDIST_PRECACHE, URLPOLICY_CHANNEL_SOFTDIST_AUTOINSTALL
URLACTION_CLIENT_CERT_PROMPTURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_COOKIESURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_COOKIES_ENABLEDURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_COOKIES_SESSIONURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_COOKIES_SESSION_THIRD_PARTYURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_COOKIES_THIRD_PARTYURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_CREDENTIALS_USEURLPOLICY_CREDENTIALS_SILENT_LOGON_OK, URLPOLICY_CREDENTIALS_MUST_PROMPT_USER, URLPOLICY_CREDENTIALS_CONDITIONAL_PROMPT, URLPOLICY_CREDENTIALS_ANONYMOUS_ONLY
URLACTION_CROSS_DOMAIN_DATAURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_DOWNLOAD_SIGNED_ACTIVEXURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_DOWNLOAD_UNSIGNED_ACTIVEXURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_FEATURE_MIME_SNIFFINGURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_FEATURE_WINDOW_RESTRICTIONSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_FEATURE_ZONE_ELEVATIONURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_HTML_FONT_DOWNLOADURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_HTML_INCLUDE_FILE_PATHURLPOLICY_ALLOW, URLPOLICY_DISALLOW
URLACTION_HTML_JAVA_RUNURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_HTML_META_REFRESHURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_HTML_MIXED_CONTENTURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_HTML_SUBFRAME_NAVIGATEURLPOLICY_ALLOW, URLPOLICY_DISALLOW
URLACTION_HTML_SUBMIT_FORMSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_HTML_USERDATA_SAVEURLPOLICY_ALLOW, URLPOLICY_DISALLOW
URLACTION_JAVA_PERMISSIONSURLPOLICY_JAVA_PROHIBIT, URLPOLICY_JAVA_HIGH, URLPOLICY_JAVA_MEDIUM, URLPOLICY_JAVA_LOW, URLPOLICY_JAVA_CUSTOM
URLACTION_SCRIPT_JAVA_USEURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SCRIPT_PASTEURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SCRIPT_RUNURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SCRIPT_SAFE_ACTIVEXURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_ENHANCED_DRAGDROP_SECURITYURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_EXECUTE_HIGHRISKURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_EXECUTE_LOWRISKURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_EXECUTE_MODRISKURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_FILE_DOWNLOADURLPOLICY_ALLOW, URLPOLICY_DISALLOW
URLACTION_SHELL_INSTALL_DTITEMSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_MOVE_OR_COPYURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_POPUPMGRURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_RTF_OBJECTS_LOADURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_SHELLEXECUTEURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_VERBURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_WEBVIEW_VERBURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
New for Internet Explorer 7
URLACTION_ACTIVEX_DYNSRC_VIDEO_AND_ANIMATIONURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_ACTIVEX_OVERRIDE_OPTINURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_ACTIVEX_SCRIPTLET_RUNURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_ALLOW_APEVALUATIONURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_FEATURE_FORCE_ADDR_AND_STATUSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_FEATURE_SCRIPT_STATUS_BARURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_LOOSE_XAMLURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_LOWRIGHTSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_SHELL_EXTENSIONSECURITYURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_WINDOWS_BROWSER_APPLICATIONSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_WINFX_SETUPURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW
URLACTION_XPS_DOCUMENTSURLPOLICY_ALLOW, URLPOLICY_QUERY, URLPOLICY_DISALLOW

Registry Keys

Note  This information is for reference only. You should not directly manipulate the registry because information stored in the registry might not always be stored in the same location.

The registry stores the URL security zone settings in the following key.

  • HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    • Software
      • Microsoft
        • Windows
          • CurrentVersion
            • Internet Settings
              • Zones

For Microsoft Windows XP Service Pack 2 (SP2) and later, you can find the URL security lockdown zone settings in the registry in the following key.

  • HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER
    • Software
      • Microsoft
        • Windows
          • CurrentVersion
            • Internet Settings
              • Lockdown_Zones

You can determine the zones under which the Shell can open files (URLACTION_SHELL_EXECUTE_HIGHRISK) by checking the following registry values. These values correspond to the following zones, respectively: Local Machine zone, Local intranet, Trusted sites, Internet, Restricted sites.

  • HKEY_LOCAL_MACHINE
    • Software
      • Microsoft
        • Windows
          • CurrentVersion
            • Internet Settings
              • Zones
                • 0
                  • 1806
                • 1
                  • 1806
                • 2
                  • 1806
                • 3
                  • 1806
                • 4
                  • 1806

If a URL policy value is 0x00, the action is allowed; if a value is 0x01, the user is prompted; and if a value is 0x03, the action is not allowed. For a list of possible URL policy values, see URL Policy Flags.

security note Security Alert  Setting these registry keys incorrectly can compromise the security of your application. The values for these registry keys are safe by default. By adjusting these values, you might put users at risk for an elevation of privilege attack. You should review Security Considerations: URL Security Zones API before continuing.

Related Topics

Tags What's this?: ikram (x) Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker