The Web Control security engine manages user access to websites. This helps conserve traffic and reduce the waste of working hours. When a user tries to open a website that is restricted by Web Control, Kaspersky NGFW block access or displays a warning.
Kaspersky NGFW controls only HTTP and HTTPS traffic. To control HTTPS traffic, you need to enable encrypted connection scanning (see SSL inspection).
Website access control is based on website categories (hereinafter also referred to as web categories), which are thematic lists of URLs. You can use Web Control profiles for each web category to configure the action to be performed an access attempt is made to a website from that category:
In the profile, you can also configure the logging of the corresponding action in the security event log. In addition, in each profile, you can specify a list of URL exclusions.
Web categories belong to one of two types:
The lists of websites are stored in a local database that is part of the distribution kit of the solution; if necessary, databases are provided by the Kaspersky Security Network service. Using Kaspersky Security Network in Web Control profiles improves the categorization of sites. For categories of this type, the profiles have default settings (action and logging). The administrator can manage these settings when creating or editing a profile.
By default, web categories can have nested web categories (up to three levels of nesting). For example, the Hate, discrimination category has a Violence, intolerance nested category, which includes the Self-harm, suicide and Extremism, racism nested categories. In the interface, such categories are displayed as a hierarchical tree view.
You can find a complete list of default web categories and their actions and logging settings in the table of default web categories.
The administrator can create a list of custom categories and add websites to these. When categorizing a website, custom categories have a higher priority than default categories.