Skip to main content
McAfee Enterprise MVISION Cloud

Modify the Web Policy Code Using the Code View

Using the code view, you can modify the code for the web policy that is implemented on Skyhigh Security Service Edge.

IMPORTANT: Improperly modifying this code can severely damage the web policy functions. Be sure to understand the code before you change it or add anything to it.

This section provides an example that shows how the code can be modified. It is about modifying a routine that includes a block procedure by replacing this procedure with a code item that allows a user coached access to the web.

What is explained here about this example, is intended to let you understand the kind of steps that are usually completed when the code is modified. The existing code already includes a routine that allows coached access.

So, you are not asked to complete all steps of this example.

  • Complete steps 1, 2, and 3 to view the code that appears for a better understanding of this example.
  • Then read the remaining part of the example.

IMPORTANT: Do not complete steps 4 and 5 of this example in your existing code.

  1. In Skyhigh CASB, navigate to the page where you want to modify the code using the code view.
    For example, navigate to the page for filtering URLs depending on categories, reputation scores, and location.
    1. Select Policy > Web Policy > Policy.
    2. On the Web Policy page, expand the Web Filtering branch of the policy tree and select Category, Reputation & Geo.
  2. Switch to the code view.
  3. Scroll down the code of the routine that appears until you see the lines you want to modify.
    For example, scroll down to the part of the code where the IF-THEN statements for this routine are specified until you see these lines.
// Block URLs Whose Category is Listed in Blocked URL Categories
IF blockByCategory AND blockCategories.Overlaps (MWG.UrlCategories (gtiSetting)) THEN {
MWG.Block (McAfee_Blocked_by_URL_filtering,
"Block URLs Whose Category is Listed in Blocked URL Categories",
"URL Filtering Policy")
}

These lines let URL filtering on Skyhigh Security Service Edge block a user's request to access a website if the URL for this website falls under a category that is in a block list.

Instead of granting access, a block page is sent to the user's browser stating that access was blocked under the current web policy for URL filtering or with a similar text.

You might want to change this behavior. For example, the request should not be blocked, but the user should be allowed access to the requested website after confirming that there is a business reason for accessing it. Handling a user's request like this is known as coaching.

  1. Modify the code to change the behavior of a web policy function.
    For example, modify it to have a user's request no longer blocked by URL filtering, but to coach the user instead. Complete the following substeps.
    1. Remove the MWG.Block procedure, together with its parameters and settings, from the THEN clause. This procedure executes the block action that you no longer want to have.
      Instead of removing this procedure, you can also insert forward slashes at the beginning to deactivate and keep it in case you might want to use it again.
// MWG.Block (McAfee_Blocked_by_URL_filtering,
// "Block URLs Whose Category is Listed in Blocked URL Categories",
// "URL Filtering Policy")
  1. Insert code items to carry out coaching.
    One of these items could be a coaching routine, which is called within the current routine. Let us assume this routine were available for inserting it here under the name of CoachingAction.

    To call a routine within another routine, use the CALL command.
CALL ("CoachingAction")

The lines shown in step 3 would look like this then.

// Block URLs Whose Category is Listed in Blocked URL Categories
IF blockByCategory AND blockCategories.Overlaps (MWG.UrlCategories (gtiSetting)) THEN {
    // MWG.Block (McAfee_Blocked_by_URL_filtering,
    // "Block URLs Whose Category is Listed in Blocked URL Categories",
    // "URL Filtering Policy")
    CALL (“CoachingAction”)
}

 

  1. Publish your changes and wait until they take effect.

You should now have a basic understanding of the kind of steps that are completed when the code view is used to modify the web policy code for Skyhigh Security Service Edge.

  • Was this article helpful?