URLGuard
URLGuard detects and validates URLs in content, flagging suspicious patterns such as IP-based URLs, dangerous URI schemes, and blocklisted domains.
Overview
| Property |
Value |
| Latency |
<5ms |
| Memory |
50 KB |
| Async |
No |
| ML Required |
No |
| License |
Community |
Detection Categories
| Category |
Description |
| DangerousScheme |
javascript:, data:, vbscript: URI schemes |
| IpAddress |
URLs using raw IP addresses instead of domains |
| SuspiciousTld |
Known phishing/malware TLDs (.tk, .ml, .cf, .xyz) |
| BlocklistedDomain |
Domains on the configured blocklist |
| NonAllowlistedDomain |
Domains not on the allowlist (when enabled) |
Usage
Rust
use oxideshield_guard::guards::URLGuard;
use oxideshield_guard::{Guard, GuardAction};
let guard = URLGuard::new("urls")
.with_action(GuardAction::Log)
.add_blocklist("evil.com");
let result = guard.check("Visit https://evil.com/phish");
assert!(!result.passed);
Python
from oxideshield import url_guard
guard = url_guard(action="log", blocklist=["evil.com"])
result = guard.check("Visit https://evil.com/phish")
assert not result.passed
Configuration
guards:
- type: url
action: log
blocklist:
- evil.com
- phishing.tk
allowlist_mode: false
Research References