Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
661
Views
0
Helpful
3
Replies

Blocking custom URL categories

DavidBarnes29511
Level 1
Level 1

‎02-25-2021 07:14 AM

I have a bunch of custom URL categories set up to either block or allow. If all of them are in the Global Access Policy with the correct action, do they need to be specifically added to other access policies? Some of our policies have them included, some do not. For example, we have a blocked malicious URL category set up to block in the Global policy. It is also included in other access policies with the option of "Use Global Settings". Is this needed or can I exclude it at this level as long as it is in the Global Policy?

Labels:
Preview file
69 KB
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎02-25-2021 07:54 AM

It sort of depends upon how that policy is chosen for a specific connection.



If the policy has a category as part of the "group" column, then the URL filtering section will only apply to the category that was defined in the group column... so it doesn't matter what your other custom categories are...



If the policy applies to users or IPs or user agents, and URL Filtering is set to "global" it will carry over whatever you set in global....

But if you need to change the URL filtering set for a specific policy... eg let Marketing see ads, you'll have to also block the blacklist category in that policy.



Did that help?




0 Helpful

DavidBarnes29511
Level 1
Level 1

‎02-25-2021 08:22 AM

Sort of. Say I have "example.com" on the "blocks 2020" list and that list is set to block in the global access policy. If I go into the access policy shown and select Exclude from policy, will the user still be blocked from getting to example.com? I am concerned with the WSA doing too much processing for blocked URLs. If the Global policy will be sufficient, I don't want to have the blocked category listed elsewhere. 

0 Helpful

Ken Stieers
VIP
VIP
In response to DavidBarnes29511

‎02-25-2021 08:49 AM

You have to apply the block in any policy where it might apply.   The WSA processes top down on which policy is hit, using whatever you set in the Group column, but the columns DON'T stack... once it picks a policy it processes that policy left to right. 

 

In my policy set below, if "blocks 2020" is in my global policy, for it be blocked in the "Encore Allows" policy, it has to stay there... 

And if it needs to be blocked in the "Allowed Bluebeam Studio" list, where I'm allowing categories that are globally blocked, I have to check it there too... 

I don't have to block it for the HighBandwidth or Youtube policies because they only get hit if the connection is going to one of those categories.

policy.PNG

0 Helpful
Customers Also Viewed These Support Documents