To ensure correct processing of HTTPS traffic, you must configure interception of SSL connections on an external proxy server (when the application is installed from an RPM or DEB package) or on a built-in proxy server (when the application ISO image is deployed). If interception of SSL connections is not configured, the traffic filtering criteria will not be applied and the web resource will not be scanned by the Anti-Virus and Anti-Phishing modules.
To configure traffic filtering:
Applicable only if you have access rights to multiple workspaces.
The traffic processing rules table opens.
This opens a window containing information about the rule.
The following criteria are available for bypass rules: URL, MIME type of HTTP message, Traffic direction, HTTP method, HTTP Content Length, and KB.
You can use this criterion to control user access to web resources based on their categories. For example, you can prohibit access to social networks by selecting the Social networks category. Refer to Appendix 6 for a list of web categories supported by the application.
In addition to URLs, you can also add the protocol or port of network connections to the filtering criteria.
If a URL has not been normalized, it will not be added to the list, and an error message will appear.
Make sure that no part of the URL contains the ? or # symbols, and that the Domain and Port parts do not contain the @ symbol. Otherwise, the complete URL will not be imported.
For example, you can prohibit access to all web resources over the HTTP protocol.
You can add a specific file name to filtering criteria or use regular expressions. For example, you can prohibit downloading executable files with the exe extension by entering *.exe.
Viruses or other malware can be spread in executable files renamed to have a different extension, for example, txt. If you selected the File name criterion and entered *.exe, such a file is not processed by the application. However, if you selected file filtering by format, the application checks the true format of the file regardless of the extension. If the check reveals that the file has the EXE format, the application processes it in accordance with the rule.
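The difference between the File name criterion and filtering by file format, shown as an added example that is not part of the product documentation or the application's own code: a name pattern is compared with a check of the file's leading bytes. The function names and the PE-signature check are assumptions chosen for illustration; the page does not describe how the application determines a file's format.

```python
import fnmatch
import struct


def name_matches(filename: str, pattern: str = "*.exe") -> bool:
    """File name criterion: looks only at the name supplied with the object."""
    return fnmatch.fnmatch(filename.lower(), pattern.lower())


def is_pe(data: bytes) -> bool:
    """Format check: 'MZ' DOS header whose e_lfanew field (offset 0x3C)
    points at the 'PE\\0\\0' signature. The extension is never consulted."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which fails the comparison.
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def build_sample_pe_header() -> bytes:
    """Constructed sample: a bare DOS header plus PE signature, not a program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> byte right after header
    return bytes(dos) + b"PE\x00\x00"


def evaluate(filename: str, data: bytes) -> dict:
    """Report which of the two criteria would match this download."""
    return {
        "file_name_rule": name_matches(filename),
        "file_format_rule": is_pe(data),
    }


if __name__ == "__main__":
    pe = build_sample_pe_header()
    samples = [
        ("setup.exe", pe),               # matched by both criteria
        ("notes.txt", pe),               # renamed executable: format check only
        ("notes.txt", b"plain text\n"),  # genuine text file: neither
    ]
    for name, body in samples:
        print(name, evaluate(name, body))
```
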
You can use this criterion to control the network traffic volume of your organization. For example, you can prohibit downloading files over 700 MB in size.
You can use this criterion to control access to multipart objects depending on the contents of their component parts.
You can use this criterion to control access to objects depending on their content. For example, you can prohibit playing video streams by entering video/*. For examples of MIME types of objects, please refer to Appendix 4.
If you specify multipart/*, the Content-Type header of the object is taken into account. Individual component parts of the object are not processed. To filter traffic based on the component parts of a multipart object, you must use the MIME type of HTTP message part criterion.
You can prohibit access to an object by entering its MD5 hash. This can be necessary if you receive information about a virus or other malware from a third-party system and you know only its MD5 hash.
You can prohibit access to an object by entering its SHA2 hash. This can be necessary if you receive information about a virus or other malware from a third-party system and you know only its SHA2 hash.
You can use this criterion to configure processing of all inbound or outbound connections.
You can use this criterion to control access to traffic depending on the utilized HTTP method.
You can use the Content-Length HTTP header to control access to traffic depending on the length of the HTTP message body. If the Content-Length header is available, the application uses its value for applying traffic filtering criteria. If this header is absent, the Content-Length value is considered to be empty and is not taken into account when processing traffic.
It is available only for bypass rules.
Traffic filtering is now configured.