By default, the rules in the rule sets apply to all web traffic. You can limit the scope of each rule set by configuring the following criteria.
Location — Any location name configured for your web policy
Client IP — IP address of the client where a web request originated from
Connection IP — IP address of the firewall or other device between your the network of your organization and the cloud (your public IP address)
User Group — Names of one or more groups where the user who submitted a web request is a member
- User Name — Name of the user who submitted a web request
For example, you can select a location named Europe and specify that a rule set only applies to web traffic inside that region.