Web control: implementing a whitelisting policy?


carmik

On our Endpoint Security 9.1 clients we wish to have all outbound web traffic blocked by default, with only certain URLs/groups allowed. How can I implement a default block-all rule in web control?


  • Administrators

You could create a url-based rule to block everything (*) and then put permissive category-based rules above it. However, remember that parts of websites may be loaded from CDNs or other sites. Also the operating system itself may try to download files from servers not whitelisted by the permissive rules.


1 hour ago, Marcos said:

You could create a url-based rule to block everything (*) ...

Can't make this step happen, that's the problem. I've created a single rule (which is a block-all one) like this one:

[image: image.png]

What am I missing?


  • Administrators

I was wrong. However, I've tried this and it worked:

[image: image.png]

1. Create a permissive category-based rule with categories you want to allow

2. Create a blocking category-based rule with a group containing all categories


Just got time to re-visit this. Before going on I've stumbled into a passage of text in https://help.eset.com/ees/9/en-US/idh_page_setting_parental.html stating that:

[quote]In case you want to block all webpages and leave only certain available, use URL address management.[/quote]

The answer is in https://help.eset.com/ees/9/en-US/idh_config_epfw_scan_http_address_list.html and I must say this is an elegant one (but rather hidden in an obscure place). Will try it and get back.


Yep, that did the trick!

EDIT: Come to think of it, this is a solution to a different problem, i.e. having a block-all web policy and nothing else (either no allow pages or a very small number). @Marcos's response is more on par with the OP problem.

EDIT2: Approach seems to be blocking Windows updates. Dang!

Edited by carmik

  • Administrators
11 minutes ago, carmik said:

Under which category in web control do Windows updates fall?

*.microsoft.com falls under these categories:

Productivity
Business Software
Windows

I assume you should be able to create a url-based permissive rule allowing "microsoft.com" (without wildcards) and put it above the blocking rule.

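A simplified model of the rule ordering discussed in this thread, added here as an example; it is not from any poster and is not ESET's rule engine. It assumes first-match evaluation from top to bottom and that a url entry covers a domain and its subdomains, and it uses constructed hosts and categories (only the microsoft.com categories come from the thread) to list which observed hostnames a default-deny policy would not allow before it is rolled out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "block"
    kind: str          # "url" or "category"
    values: frozenset  # domains (url rule) or category names (category rule)

# Constructed host -> categories lookup. The microsoft.com categories are the
# ones quoted in the thread; every other host and category is made up.
CATEGORIES = {
    "news.example.org": {"News"},
    "static.cdn.example.net": {"Content Delivery"},
    "sub.microsoft.com": {"Productivity", "Business Software", "Windows"},
}
ALL_CATEGORIES = frozenset(c for cats in CATEGORIES.values() for c in cats)

def matches(rule, host):
    if rule.kind == "url":
        # Model assumption: an entry covers the domain and its subdomains.
        return any(host == d or host.endswith("." + d) for d in rule.values)
    return bool(rule.values & CATEGORIES.get(host, set()))

def decide(rules, host):
    """First matching rule wins, top to bottom (model assumption)."""
    for rule in rules:
        if matches(rule, host):
            return rule.action, rule.name
    return "unmatched", None  # no rule fired: check what the product does here

def audit(rules, observed_hosts):
    """Hosts from observed traffic that the policy would not allow."""
    results = {h: decide(rules, h) for h in observed_hosts}
    return {h: r for h, r in results.items() if r[0] != "allow"}

# Policy from the thread: permissive category rule above a block-everything rule.
POLICY = [
    Rule("allow-news", "allow", "category", frozenset({"News"})),
    Rule("block-all", "block", "category", ALL_CATEGORIES),
]
# Fix suggested in the last reply: a permissive url rule placed above the block.
FIXED = [Rule("allow-ms", "allow", "url", frozenset({"microsoft.com"}))] + POLICY

# Constructed sample of hostnames seen during one browsing session.
OBSERVED = ["news.example.org", "static.cdn.example.net",
            "sub.microsoft.com", "unrated.example.io"]

if __name__ == "__main__":
    for label, policy in (("before", POLICY), ("after", FIXED)):
        print(label, audit(policy, OBSERVED))
```

Feeding it hostnames collected from a test machine's real browsing and update traffic shows the CDN and operating-system dependencies that still need a permissive rule, plus any hosts that no rule matches at all.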
