About web resource access rules

A web resource access rule is a set of filters and an action that the application performs when users visit web resources described in the rule at a time specified in the rule schedule. Filters let you specify web resources to which access is monitored by the Web Control component.

The following filters are available:

• Filter by content category. Web Control can categorize web resources based on content. You can control user access to web resources that have content defined by these categories. When users visit web resources that belong to a selected content category, the application performs the action specified in the rule.
• Filter by data type category. Web Control can categorize web resources based on data type. You can control user access to data located on web resources related to certain types of data. When users visit web resources that relate to a selected data type category, the application performs the action specified in the rule.
• Filter by web resource address. You can control user access to all addresses of a web resource or to individual addresses of a web resource and/or to groups of addresses of a web resource.

  If you define both a filter by content category and/or data type category and a filter by web resource address, and the specified addresses of web resources and/or groups of web resource addresses belong to the selected content categories or data type categories, then the application does not control access to all of the web resources of the selected content categories and/or data type categories, but rather only controls access to the specified addresses of the web resources and/or groups of addresses of web resources.

• Filter by name of users and user groups. You can define users and/or user groups whose access to web resources is controlled according to the rule. For example, you can restrict browser access to the Internet for all users of an organization except the IT department.
• Rule schedule. You can set a rule schedule. The rule schedule determines the time when the application controls access to the web resources specified in the rule. For example, you can restrict internet access through the browser access to working hours only.

For each rule, you can specify the action that Web Control performs when a user visits a web resource that matches the rule settings:

• Allow. Web Control allows the user to access the web resource.
• Block. Web Control blocks the user's access to the web resource and displays a message that access is blocked. By clicking links in the blocking message, the user can send a complaint message to the corporate LAN administrator about the mistaken blocking and gain access to the requested web resource.
• Inform. Web Control displays a warning that the web resource is undesirable. By clicking links in the warning message, the user can send a complaint message to the corporate LAN administrator about a mistaken warning. In this case, the user's access to the web resource is not blocked.

Each rule has a priority. The higher the rule is on the list, the higher its priority. If a website is added to multiple rules, Web Control controls access to websites in accordance with the highest-priority rule. For example, the application may identify the corporate portal as a social network. To restrict access to social networks while allowing access to the corporate web portal, create two rules: a blocking rule for the "Social networks" category and an allowing rule for the corporate web portal. The corporate web portal access rule must have a higher priority than the social network access rule.

If no blocking rules are created, HTTPS traffic is not decrypted.