Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Web Policy Code View and User Interface

You can complete many web policy activities both in the code view and on the normal user interface, for example, setting a variable or enabling a rule.

So, to understand the code view, it helps if you have a good understanding of the options on the normal user interface.

For example, if you know you can enable a rule on the user interface that lets web objects skip anti-malware filtering, you can look for items that correspond to this rule when reviewing the code. Understanding what this rule does from working with it on the user interface helps you recognize corresponding items in the code view.

There are also web policy items that you can only work with in the code view, but not on the user interface. On the other hand, you can complete some activities only using options of the user interface.

In the following, examples are given for all three kinds of web policy items and the way you can work with them.

For a code item, the routine that it belongs to is added. For an option on the user interface, the web policy page where it appears is added.
 

transferSizeLimit variable

This variable is an example of a web policy item that you can work with both in the code view and on the user interface.

The value that this variable is set to is a limit that is observed in the anti-malware filtering process. If a file exceeds this limit, it can be exempted from anti-malware filtering to save time and resources.

Here's how this variable appears in the code and on the user interface.

  • In the code view:
    • Routine: Anti_Malware_Rules
    • Code item:
NUMBER transferSizeLimit = 209715200
  • On the user interface:
    • Page: Web Policy — Anti-Malware
    • Option: Transfer Size Limit

This option is available on a side panel that appears when the following rule is clicked: Skip GAM processing if transfer size is greater than specified limit.

When you change the value for this size limit in the code view, the change appears on the user interface. If you change it on the user interface, it appears in the code view.

The variable is used in the Bypass Based on Size rule.

Block If Virus Was Found rule

This rule is an example of a code item that has no corresponding option or options on the normal user

interface. You cannot modify or enable and disable it there, but only in the code view.

The rule is for blocking web objects that are infected by viruses and other malware.

Here's how this rule appears in the code view:

  • Routine: Anti_Malware_Rules
  • Code item:
// Block If Virus Was Found
IF MWG.BodyInfected (gam) THEN {
        MWG.Block (Malware_found, "Block If Virus Was Found", "Gateway Anti-Malware")
}

Lists

A list of your web policy is an item that you can only work with in the code view to some extent.

In the code view, you can specify a list as a parameter of a function in a rule. For example, in a rule that lets URLs skip URL filtering a list named skipURLs can be a parameter of the MWG.Url.Smart.Match function.

// Bypass URL Filtering for URL Filtering Bypass URLs
IF skipByURL AND MWG.Url.SmartMatch (skipURLs) THEN {
    END
}

But you cannot fill list entries in the code view. To do this, you need to work with the pages of the List Catalog on the user interface.

  • Was this article helpful?