We have a site we regularly use, and recently it has been given a -6.0 web reputation score. Our policy is to block for -6.0 sites.
Is there any way to exempt a particular URL, and allow it, regardless of web reputation score? Seems like there should be, but I can't find it.
URL categories take precedence over Web Reputation filtering, so adding the URL to the Custom URL Category and allowing it will bypass WBRS filtering.
1. From the GUI, go to Web Security Manager > Custom URL Categories.
2. Select the "Add Custom Category" button.
3. Give the Category a name and add the desired URL to the Sites list.
4. Click on Submit.
5. On the Web Security Manager tab, select the Web Access Policies link.
6. Select the URL category for the desired policy.
7. In the Custom URL Category Filtering section, select "allow" for the category created above.
8. Click on Submit.
9. Commit the changes.
Note that you should be _very_ careful with using "Allow". This will cause the site to bypass ALL security services, including Virus scanning, so before you "allow" any sites please make sure that they really are legitimate sites and not likely to be distributing viruses/malware/etc.
The alternative is to create a new web access policy which matches this specific site (via a custom category) and give this policy a different WBRS Block score.
To do this, create a new Web Access Polcy and put it above your existing policies. Under "Policy Member Definition" select "Advanced" and then "Edit Categories" and select the custom category you've created for this site. You can also add in any other criteria you wish (eg, IP ranges or authentication, etc).
Then after creating the new policy you can configure this policy to not use WBRS, and this setting will only impact sites in your custom category. All other sites will fall through to the lower down policies, and use their WBRS settings.
Hello. Sorry for reviving an old thread, however it's the only one I've identified that deals with the reputation score.
Doc_ironport, will using your method bypass other lower priority security policies? If so, how can one make sure the remaining checks are still in effect?
In my case, web access is defined based on NT group membership and we have one rule (one access policy) per web category-ies. However I'm not sure what's the best way to adjust the WBRS of particular web sites with this model. Any advice?
You can follow this KB, which shows how to bypass wbrs, and still do av scan.
I hope it helps you.