
Web control: implementing a whitelisting policy?


Solved by Marcos

Posted

On our Endpoint Security 9.1 clients we wish to have all outbound web traffic blocked by default, with only certain URLs/groups allowed. How can I implement a default block-all rule in web control?

  • Administrators
Posted

You could create a url-based rule to block everything (*) and then put permissive category-based rules above it. However, remember that parts of websites may be loaded from CDNs or other sites. Also the operating system itself may try to download files from servers not whitelisted by the permissive rules.

Posted
1 hour ago, Marcos said:

You could create a url-based rule to block everything (*) ...

Can't make this step happen, that's the problem. I've created a single rule (which is a block-all one) like this one:

[image.png]

What am I missing?

  • Administrators
  • Solution
Posted

I was wrong. However, I've tried this and it worked:

[image.png]

1. Create a permissive category-based rule with categories you want to allow

2. Create a blocking category-based rule with a group containing all categories

Posted

Just got time to re-visit this. Before going on I've stumbled into a passage of text in https://help.eset.com/ees/9/en-US/idh_page_setting_parental.html stating that:

[quote]In case you want to block all webpages and leave only certain available, use URL address management.[/quote]

The answer is in https://help.eset.com/ees/9/en-US/idh_config_epfw_scan_http_address_list.html and I must say this is an elegant one (but rather hidden in an obscure place). Will try it and get back.

 

Posted (edited)

Yep, that did the trick!

EDIT: Come to think of it, this is a solution to a different problem, i.e. having a block-all web policy and nothing else (either no allowed pages or a very small number). @Marcos's response is more on par with the OP's problem.

EDIT2: Approach seems to be blocking Windows updates. Dang!

Edited by carmik
Posted

Under which category in web control do Windows updates fall?

  • Administrators
Posted
11 minutes ago, carmik said:

Under which category in web control do Windows updates fall?

*.microsoft.com falls under these categories:

Productivity
Business Software
Windows

I assume you should be able to create a url-based permissive rule allowing "microsoft.com" (without wildcards) and put it above the blocking rule.

This topic is now closed to further replies.