topic Re: Override web reputation score in Web Security

Override web reputation score

thomascollins — Wed, 23 Jul 2008 04:31:54 GMT

We have a site we regularly use, and recently it has been given a -6.0 web reputation score. Our policy is to block for -6.0 sites.

Is there any way to exempt a particular URL, and allow it, regardless of web reputation score? Seems like there should be, but I can't find it.

Thanks

Re: Override web reputation score

ravmadir — Wed, 23 Jul 2008 06:12:43 GMT

URL categories take precedence over Web Reputation filtering, so adding the URL to the Custom URL Category and allowing it will bypass WBRS filtering.

1. From the GUI, go to Web Security Manager > Custom URL Categories.
2. Select the "Add Custom Category" button.
3. Give the Category a name and add the desired URL to the Sites list.
4. Click on Submit.
5. On the Web Security Manager tab, select the Web Access Policies link.
6. Select the URL category for the desired policy.
7. In the Custom URL Category Filtering section, select "allow" for the category created above.
8. Click on Submit.
9. Commit the changes.

-
Satish

Re: Override web reputation score

thomascollins — Wed, 23 Jul 2008 06:32:07 GMT

Excellent, thank you.

Re: Override web reputation score

Doc_ironport — Sun, 27 Jul 2008 06:00:37 GMT

Note that you should be _very_ careful with using "Allow". This will cause the site to bypass ALL security services, including Virus scanning, so before you "allow" any sites please make sure that they really are legitimate sites and not likely to be distributing viruses/malware/etc.

The alternative is to create a new web access policy which matches this specific site (via a custom category) and give this policy a different WBRS Block score.

To do this, create a new Web Access Polcy and put it above your existing policies. Under "Policy Member Definition" select "Advanced" and then "Edit Categories" and select the custom category you've created for this site. You can also add in any other criteria you wish (eg, IP ranges or authentication, etc).

Then after creating the new policy you can configure this policy to not use WBRS, and this setting will only impact sites in your custom category. All other sites will fall through to the lower down policies, and use their WBRS settings.

Re: Override web reputation score

thomascollins — Mon, 28 Jul 2008 20:33:37 GMT

Good point Doc, thanks for the idea...I've switched over to use that method.

Re: Override web reputation score

alexandre.hamelin — Mon, 14 Feb 2011 19:34:56 GMT

Hello. Sorry for reviving an old thread, however it's the only one I've identified that deals with the reputation score.

Doc_ironport, will using your method bypass other lower priority security policies? If so, how can one make sure the remaining checks are still in effect?

In my case, web access is defined based on NT group membership and we have one rule (one access policy) per web category-ies. However I'm not sure what's the best way to adjust the WBRS of particular web sites with this model. Any advice?

Re: Override web reputation score

edadios — Mon, 14 Feb 2011 23:39:35 GMT

You can follow this KB, which shows how to bypass wbrs, and still do av scan.

http://tinyurl.com/y9afggd

I hope it helps you.

Regards,

Eric