Adding a web resource access rule
A web resource access rule is a set of filters and actions that Kaspersky Endpoint Security applies when users visit web resources. Access rules can include a rule schedule.
It is not recommended to create more than 1000 rules of access to web resources, as this can cause the system to become unstable.
A web resource access rule is a set of filters and actions that Kaspersky Endpoint Security performs when the user visits web resources that are described in the rule during the time span that is indicated in the rule schedule. Filters allow you to precisely specify a pool of web resources to which access is controlled by the Web Control component.
The following filters are available:
- Filter by content. Web Control categorizes web resources by content and data type. You can control user access to web resources with content and data falling into the types defined by these categories. When the users visit web resources that belong to the selected content category and / or data type category, Kaspersky Endpoint Security performs the action that is specified in the rule.
- Filter by web resource addresses. You can control user access to all web resource addresses or to individual web resource addresses and / or groups of web resource addresses.
If filtering by content and filtering by web resource addresses are specified, and the specified web resource addresses and / or groups of web resource addresses belong to the selected content categories or data type categories, Kaspersky Endpoint Security does not control access to all web resources in the selected content categories and / or data type categories. Instead, the application controls access only to the specified web resource addresses and / or groups of web resource addresses.
- Filter by names of users and user groups. You can specify the names of users and / or groups of users for which access to web resources is controlled according to the rule.
- Rule schedule. You can specify the rule schedule. The rule schedule determines the time span during which Kaspersky Endpoint Security monitors access to web resources covered by the rule.
After Kaspersky Endpoint Security is installed, the list of rules of the Web Control component is not blank. Two rules are preset:
- Scripts and Stylesheets rule, which grants all users access at all times to web resources whose addresses contain the names of files with the CSS, JS, or VBS extensions. For example: http://www.example.com/style.css, http://www.example.com/style.css?mode=normal.
- Default rule. This rule is applied to any web resources that are not covered by other rules, and allows or blocks access to these web resources for all users.
Each rule has a priority. The higher a rule is on the list, the higher its priority. If a website has been added to multiple rules, Web Control regulates access to the website based on the rule with the highest priority. For example, Kaspersky Endpoint Security may identify a corporate portal as a social network. To restrict access to social networks and provide access to the corporate web portal, create two rules: one block rule for the Social networks website category and one allow rule for the corporate web portal. The access rule for the corporate web portal must have a higher priority than the access rule for social networks.
How to add a web resource access rule in Administration Console (MMC)
- Open the Kaspersky Security Center Administration Console.
- In the console tree, select Policies.
- Select the necessary policy and double-click to open the policy properties.
- In the policy window, select Security Controls → Web Control.
- Select the Web Control check box.
- In the Web Control settings block, click the Add button.
The Rule of access to web resources window opens.
- Configure the web resource access rule (see the table below).
- Save your changes.
How to add a web resource access rule in Web Console and Cloud Console
- In the main window of the Web Console, select Devices → Policies & profiles.
- Click the name of the Kaspersky Endpoint Security policy.
The policy properties window opens.
- Select the Application settings tab.
- Go to Security Controls → Web Control.
- Turn on the Web Control toggle.
- In the Web Control Settings block, click the Add button.
- Configure the web resource access rule (see the table below).
- Save your changes.
How to add a web resource access rule in the interface of the application
- In the main application window, click the button.
- In the application settings window, select Security Controls → Web Control.
Web Control settings
- Turn on the Web Control toggle.
- In the Settings block, click the Rules of access to web resources button.
- In the window that opens, click the Add button.
The Rule of access to web resources window opens.
- Configure the web resource access rule (see the table below).
- Save your changes.
As a result, the new Web Control rule is added to the list. If necessary, change the priority of the Web Control rule. You can also use the toggle switch to disable the web resource access rule at any time without removing it from the list.
Web Control rule parameters
Parameter
|
Description
|
Rule name
|
Name of the Web Control rule.
|
State
|
You can use the toggle to disable the web resource access rule at any time.
|
Action
|
- Allow. Web Control allows access to web resources that match the parameters of the rule.
- Block. Web Control blocks access to web resources that match the parameters of the rule and displays a website access denied message.
- Warn. When the user attempts to gain access to a web resource that matches the rule, Web Control displays a warning that visiting the web resource is inadvisable. By using links from the warning message, the user can obtain access to the requested web resource.
|
Content of the filter
|
- By content categories. You can control user access to web resources by category (for example, the Social networks category).
- By types of data. You can control user access to web resources based on the specific data type of its published data (for example, Graphics).
|
Addresses
|
- To all addresses. Web Control will not filter web resources by address.
- To individual addresses. Web Control will filter only web resource addresses from the list. You can enter a web address or use masks. You can also export a list of web resource addresses from a TXT file. Create a list of users from Active Directory.
If Encrypted Connections Scan is disabled, for the HTTPS protocol you can only filter by the server name.
|
Users
|
- To all users. Web Control will not filter web resources for specific users.
- To individual users and / or groups. Web Control will filter web resources only for specific users. Create a list of users from Active Directory.
|
Rule schedule
|
The rule schedule determines the time span during which Kaspersky Endpoint Security monitors access to web resources covered by the rule. For example, you can restrict Internet access through a browser during working hours only.
|
Page top