Category, Reputation, and Geo — Block Access to Websites

Last updated
Save as PDF

You can block access to websites. For this purpose, you fill them in lists for use by the web filtering rules or set a risk level for blocking. You can also configure exceptions for websites where web filtering is skipped when user request access to them.

The web filtering rules block access based on the categories that URLs sent with requests fall into, as well as on the reputation or location of websites. Information about URL categories and reputation is retrieved from the Global Threat Intelligence (GTI) service.

On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
From the policy tree in the navigation panel, select Web Filtering > Category, Reputation & Geo.

The selected rule set appears in the configuration area on the right.
Configure when this rule set should apply.
- Under Criteria, leave the default All Traffic, as you want the rules in this rule set to apply to all web traffic.
- Next to Applies to, leave the default All, as you want the rules in this rule set to be processed in all cycles of web filtering on Secure Web Gateway.
Click the settings icon to configure settings for this rule set in a panel that is inserted on the right. The settings that are currently in use are shown as selected on the panel.

When configuring these settings, you can, for example, require that invalid URLs are treated as errors or specify how to retrieve information from the Global Threat Intelligence (GTI) service.
To allow requests for accessing some websites to skip web filtering, configure a list for the rule that is preset here for this purpose. It is shown under Preset Rules.

You can configure entries for domain and host names as well as for URLs in this list.

Click the three dots at the end of the row for this rule and work with the options for list handling that are provided.
Configure the rules that are preset for blocking requests to access websites based on URL categories as needed. They are shown under Preset Rules in the Category section.
- Configure a list of URL categories for the Block traffic for these categories rule. Click the three dots at the end of the row for this rule to display the menu with options for list handling.
- Select Edit List.
  
  The list of categories that is currently in use appears in a panel on the right.
  
  To open this panel, you can also click the rule name, which is marked in blue.
- To remove a category from the list, select it and click the cross that appears at the end of the row.
- To add a category, click Actions and select Add New Items.
  
  The catalog with URL categories opens. Categories are grouped under main categories, for example, Travel under Lifestyle. The categories that are currently in use are shown on the right.
- Select categories or deselect them as needed. Then click Done to close the catalog. On the panel, click Save.
- Configure how to handle requests with URLs that have not been categorized. Select one of the following:
  - Allow All — Requests with uncategorized URLs are allowed.
  - Block All — Requests with uncategorized URLs are blocked.
  - Block Only — Requests with uncategorized URLs are blocked under the conditions specified below.
    
    After selecting Block Only, specify what should only be blocked:
    - Media Types — Requests with uncategorized URLs are blocked if access is requested to media types that are in a list.
      
      Configure a list of the media types that should be blocked.
      
      Click the three dots at the end to display the menu for list handling. Or click the rule name, which is marked in blue, to display the list of media types at once.
    - Uploads — Requests with uncategorized URLs are blocked if an upload to the web is requested.
    You can also enable an option for filtering <script> tags.
Configure the rules that are preset for blocking requests to access websites based on website reputation as needed. They are shown under Preset Rules in the Reputation section.

Select a risk level (high, medium, low) for blocking access to websites or a combination of levels. If access to a website is considered, for example, a high risk due to its reputation, it is blocked.

You can also block access to any website where the reputation has not been verified.
Configure the rules that are preset for blocking requests to access websites based on their geographical location as needed. They are shown under Preset Rules in the Geo section.
- Configure a list of countries for the Block all access to sites in these countries rule. Click the three dots at the end of the row for this rule to display the menu with options for list handling.
- Select Edit List.
  
  The list of countries that is currently in use appears in a panel on the right. Countries are identified by a code, for example, US for the United States or IN for India.
  
  To open this panel, you can also click the rule name, which is marked in blue.
- To remove a country from the list, select it and click the cross that appears at the end of the row.
- To add a country, click Actions and select Add New Items.
  
  The list with countries codes opens.
- Select countries or deselect them as needed. Then click Done to close the list. On the panel, click Save.

You can also create rules of your own and add them to this rule set. Click the three dots at the end of the top row and select the option for creating a new rule from the drop-down menu.

This menu also includes an option for reviewing and modifying the underlying code for a rule set.

To enable or disable the complete rule set, use the On/Off toggles.

The filtering process now follows what you have configured for the rules that block access to websites.