Adding a web resource access rule

A web resource access rule is a set of filters and actions that Kaspersky Endpoint Security applies when users visit web resources. Access rules can include a rule schedule.

It is not recommended to create more than 1000 rules of access to web resources, as this can cause the system to become unstable.

A web resource access rule is a set of filters and actions that Kaspersky Endpoint Security performs when the user visits web resources that are described in the rule during the time span that is indicated in the rule schedule. Filters allow you to precisely specify a pool of web resources to which access is controlled by the Web Control component.

The following filters are available:

After Kaspersky Endpoint Security is installed, the list of rules of the Web Control component is not empty. The Default rule is preset. This rule is applied to any web resources that are not covered by other rules, and allows or blocks access to these web resources for all users.

Each rule has a priority. The higher a rule is on the list, the higher its priority. If a website has been added to multiple rules, Web Control regulates access to the website based on the rule with the highest priority. For example, Kaspersky Endpoint Security may identify a corporate portal as a social network. To restrict access to social networks and provide access to the corporate web portal, create two rules: one block rule for the Social networks website category and one allow rule for the corporate web portal. The access rule for the corporate web portal must have a higher priority than the access rule for social networks.

How to add a web resource access rule in Administration Console (MMC)

How to add a web resource access rule in Web Console and Cloud Console

How to add a web resource access rule in the application interface

As a result, the new Web Control rule is added to the list. If necessary, change the priority of the Web Control rule. You can also use the toggle switch to disable the web resource access rule at any time without removing it from the list.

Web Control rule parameters

Parameter

Description

Rule name

Name of the Web Control rule.

State

  • On.
  • Off.

You can use the toggle to disable the web resource access rule at any time.

Action

  • Allow. Web Control allows access to web resources that match the parameters of the rule.
  • Block. Web Control blocks access to web resources that match the parameters of the rule and displays a website access denied message.
  • Warn. When the user attempts to gain access to a web resource that matches the rule, Web Control displays a warning that visiting the web resource is inadvisable. By using links from the warning message, the user can obtain access to the requested web resource.

Content of the filter

  • By content categories. You can control user access to web resources by category (for example, the Social networks category).
  • By types of data. You can control user access to web resources based on the specific data type of its published data (for example, Graphics).

Addresses

  • To all addresses. Web Control will not filter web resources by address.
  • To individual addresses. Web Control will filter only web resource addresses from the list. You can enter a web address or use masks. You can also export a list of web resource addresses from a TXT file. You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.

If Encrypted Connections Scan is disabled, for the HTTPS protocol you can only filter by the server name.

Users

  • To all users. Web Control will not filter web resources for specific users.
  • To individual users and / or groups. Web Control will filter web resources only for specific users. You can select users in Active Directory, in the list of accounts in Kaspersky Security Center, or by entering a local user name manually. Kaspersky recommends using local user accounts only in special cases when it is not possible to use domain user accounts.

Rule schedule

The rule schedule determines the time span during which Kaspersky Endpoint Security monitors access to web resources covered by the rule. For example, you can restrict Internet access through a browser during working hours only.

Page top