Skip to main content
Skyhigh Security

Allow or Block Access to Web Objects Globally

 

Create lists of web objects to allow global access

When these rules are applied to a web request and the request is allowed, all further rule processing stops.

  1. From the Skyhigh CASB navigation bar, select Policy > Web Policy > Policy.
  2. In the policy tree, select Global Bypass > Global Bypass Lists.
  3. Optionally configure criteria to limit the scope of this rule set.
  4. Select the global bypass lists rules that you want enabled. When selected, the rules:
    • Domains Bypass — Allows web requests sent to the domains in this list to bypass filtering.
    • Connection IPs Bypass — Allows web requests sent from the connection IP addresses in this list to bypass filtering.
      The connection IP is the IP address of the firewall or other device between your organization's network and the cloud (your public IP address).
    • Client IPs Bypass — Allows web requests sent from the client IP addresses in this list to bypass filtering.
    • Destination IPs Bypass — Allows web requests sent to the IP addresses in this list to bypass filtering.
    • User Groups Bypass — Allows web requests sent by users who are members of the groups in this list to bypass filtering.
    • User Names Bypass — Allows web requests sent by users having the user names in this list to bypass filtering.
    • Processes Bypass — Allows web requests sent from the process names in this list to bypass filtering.
    • Enable mobile access to sites using certificate pinning — Allows web requests from mobile devices to bypass SSL scanning when the host or domain name is in this list.
  5. Configure the lists associated with the rules as needed.

Changes to the policy tree, rule sets, or rules are automatically saved. You can publish them to the cloud now or keep working and publish later.

Create lists of web objects to block globally

When the Web Policy is applied to a web request, the Global Block rule set is the first rule set applied. When the request is blocked, all further rule processing stops.

  1. From the Skyhigh CASB navigation bar, select Policy > Web Policy > Policy.
  2. In the policy tree, select Global Block > Global Block Lists.
  3. Optionally configure criteria to limit the scope of this rule set.
  4. Select the global block rules that you want enabled. When selected, the rules:
    • Domains Block List — Blocks web requests sent to the domains in this list.
    • Connection IPs Block List — Blocks web requests sent from the connection IP addresses in this list.
      The connection IP is the IP address of the firewall or other device between your organization's network and the cloud (your public IP address).
    • Client IPs Block List — Blocks web requests sent from the client IP addresses in this list.
    • Destination IPs Block List — Blocks web requests sent to the IP addresses in this list.
    • User Groups Block List — Blocks web requests sent by users who are members of the groups in this list.
    • User Names Block List — Blocks web requests sent by users having the user names in this list.
    • Processes — Blocks web requests sent from the process names in this list.
  5. Configure the lists associated with the rules as needed.

Changes to the policy tree, rule sets, or rules are automatically saved. You can publish them to the cloud now or keep working and publish later.

  • Was this article helpful?