Blocking Sessions
By configuring blocking sessions you can block requests sent by a user for a configured period of time.
A blocking session is imposed after a user has sent a request that is blocked according to a configured rule, for example, a request for a URL that falls into a category that is not allowed.
This is a means of enforcing a web security policy that handles unwanted access to web objects with more strictness.
You can configure blocking sessions in relation to the parameters that are used in the library rule set. You can also create rules of your own using other parameters.
Configure blocking sessions
You can configure blocking sessions to block session for a user over a configured period of time after an attempt to access a web object that is not allowed.
- Select Policy | Rule Sets.
- On the rule sets tree, expand the rule set that contains rules for the blocking session, for example, the Blocking Sessions library rule set.
The nested rule sets appear. - Select the appropriate nested rule set, for example, Blocking Sessions With IP Configuration.
The general settings and rules of the rule set appear on the settings pane. - In the rule set criteria, click the appropriate blocking list name, for example, IP Block List for Blocking Sessions.
The Edit List (Category) window opens.
NOTE: A yellow triangle next to the list name means the list is initially empty and you need to fill the entries.
- Add the appropriate entries to the blocking list, for example, IP addresses. Then click OK to close the window.
- In the criteria for one of the rules, click the appropriate settings name, for example, IP Configuration.
The Edit Settings window opens. - Configure the appropriate parameters, for example, the period of time over which sessions are blocked. Then click OK to close the window.
- Click Save Changes.