Upload
others
View
11
Download
0
Embed Size (px)
Citation preview
Technical Reference
m86security.com
WebMarshal Default Rules (Release 6.8.1)
Contents
TRACEnet 3
SafeSearch 3 Connection Rules 3
[Reporting Classification] 3 [Global Policy] 3 [Power User Policy] 4 [Standard User Policy] 5 [Restricted User Policy] 5
HTTPS Rules (disabled) 6 [Global Policy] 6
Quota Rules 8 [Global Policy] 8 [Power User Policy] 8 [Standard User Policy] 9 [Restricted User Policy] 10
Standard Rules 10 [Reporting Classification] 11 [Global Policy] 15 [Power User Policy] 16 [Standard User Policy] 21 [Restricted User Policy] 25
Content Analysis Rules 30 [Reporting Classification] 30 [Global Policy] 32 [Power User Policy] 34 [Standard User Policy] 38 [Restricted User Policy] 41
Technical Reference
m86security.com
This document provides a text listing of the access policies that are installed by default with a new installation of WebMarshal (6.8.1.7774).
Administrators running older versions of WebMarshal, as well as new users, will be able to review the latest recommended policy in a convenient format.
Rule containers are titled in [Square Brackets]. Conditions set in a parent container also apply to any items within the container.
Rules are evaluated in the order listed.
Not all rules or rule containers are enabled by default. Disabled rules are marked (disabled).
Notes:
• Unlike some previous versions of WebMarshal, the Default Rules for release 6.8.1 do not use nested containers. However the rules do use conditions inherited from parent containers.
• SafeSearch is listed last because this condition is evaluated last. This order differs from the order of elements in the Console menu tree.
Read the notes included in the listing for detailed information.
.
Technical Reference: WebMarshal Default Rules (6.8.1) Page 3
TRACENET
Settings TRACEnet will automatically download updates.
When a site is blocked, users may choose to request reclassification.
New categories will be enabled by default.
SAFESEARCH
CONNECTION RULES [Reporting Classification] When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Classify - Streaming Media Protocols Classify Streaming Media Protocols and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the protocol/application is of type Microsoft Windows Media, Apple QuickTime Audio/Video, Google Video/YouTube, Real Media And where addressed to any URL
Skip any remaining rules in this container And classify the domain as Streaming Media
Classify - Instant Messaging Protocols Classify Instant Messaging Protocols and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the protocol/application is of type Windows Live Messenger, Yahoo! Messenger, AOL Instant Messenger (AIM), Google Talk And where addressed to any URL
Skip any remaining rules in this container And classify the domain as Messaging & Communications
[Global Policy] When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Permit - Full access for Unrestricted Users This rule will bypass all remaining rules in this container for all users in the Unrestricted Site Access user group. USAGE: Add additional users into the Unrestricted Site Access user group.
When a web request is received Where the user is a member of Unrestricted Site Access
Technical Reference: WebMarshal Default Rules (6.8.1) Page 4
And where the protocol/application is any protocol/application And where addressed to any URL
Permit access And do not process any further connection rules
Permit - Exclude From All Rules This rule will bypass all remaining rules in this container for sites included in the '[Exclude From All Rules]' URL grouping. USAGE: Add additional URLs into any of the URL Categories contained in the '[Exclude From All Rules]' Category grouping.
When a web request is received For any users And where the protocol/application is any protocol/application And where the URL is a member of [Exclude From All Rules]
Permit access And do not process any further connection rules
Block Protocol - Instant Messaging (disabled) Block Instant Messaging protocol for selected users. USAGE: This rule will block all the selected Messaging protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Windows Live Messenger, Yahoo! Messenger, AOL Instant Messenger (AIM), Google Talk And where addressed to any URL
Block the connection and return a 503 return code And do not process any further connection rules
Block Protocol - Streaming Media (disabled) Block Streaming Media protocol for selected users. USAGE: This rule will block all the selected Streaming Media protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Microsoft Windows Media, Real Media, Apple QuickTime Audio/Video, Google Video/YouTube And where addressed to any URL
Block the connection and return a 503 return code And do not process any further connection rules
[Power User Policy] When a web request is received Where the user is a member of Power Users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Block Protocol - Instant Messaging (disabled) Block Instant Messaging protocol for selected users. USAGE: This rule will block all the selected Messaging protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Windows Live Messenger, Yahoo! Messenger, AOL Instant Messenger (AIM), Google Talk And where addressed to any URL
Block the connection and return a 503 return code And do not process any further connection rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 5
Block Protocol - Streaming Media (disabled) Block Streaming Media protocol for selected users. USAGE: This rule will block all the selected Streaming Media protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Microsoft Windows Media, Real Media, Apple QuickTime Audio/Video, Google Video/YouTube And where addressed to any URL
Block the connection and return a 503 return code And do not process any further connection rules
[Standard User Policy] When a web request is received Where the user is a member of Standard Users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Block Protocol - Instant Messaging (disabled) Block Instant Messaging protocol for selected users. USAGE: This rule will block all the selected Messaging protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Windows Live Messenger, Yahoo! Messenger, AOL Instant Messenger (AIM), Google Talk And where addressed to any URL
Block the connection and return a 503 return code And do not process any further connection rules
Block Protocol - Streaming Media (disabled) Block Streaming Media protocol for selected users. USAGE: This rule will block all the selected Streaming Media protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Microsoft Windows Media, Real Media, Apple QuickTime Audio/Video, Google Video/YouTube And where addressed to any URL
Block the connection and return a 503 return code And do not process any further connection rules
[Restricted User Policy] When a web request is received Where the user is a member of Restricted Users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Block Protocol - Instant Messaging Block Instant Messaging protocol for selected users. USAGE: This rule will block all the selected Messaging protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Windows Live Messenger, Yahoo! Messenger, AOL Instant Messenger (AIM), Google Talk And where addressed to any URL
Technical Reference: WebMarshal Default Rules (6.8.1) Page 6
Block the connection and return a 503 return code And do not process any further connection rules
Block Protocol - Streaming Media Block Streaming Media protocol for selected users. USAGE: This rule will block all the selected Streaming Media protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Microsoft Windows Media, Real Media, Apple QuickTime Audio/Video, Google Video/YouTube And where addressed to any URL
Block the connection and return a 503 return code And do not process any further connection rules
Permit - Instant Messaging Protocols Permit Instant Messaging protocol for all users. This rule applies to all users not blocked by previous Connection Rules. USAGE: This rule will permit connections on all the selected Messaging protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Windows Live Messenger, Yahoo! Messenger, AOL Instant Messenger (AIM), Google Talk And where addressed to any URL
Permit access And do not process any further connection rules
Permit - Streaming Media Protocols Permit Streaming Media protocol for all users. This rule applies to all users not blocked by previous Connection Rules. USAGE: This rule will permit connections on all the selected Streaming Media protocols. Modify the selection of blocked protocols as needed.
When a web request is received For any users And where the protocol/application is of type Microsoft Windows Media, Real Media, Apple QuickTime Audio/Video, Google Video/YouTube And where addressed to any URL
Permit access And do not process any further connection rules
HTTPS RULES (DISABLED)
[Global Policy] When a web request is received For any users And where addressed to any URL
Process rules in this container
Permit - Do not inspect HTTPS for Unrestricted Users Do not inspect encrypted content for any user in the Unrestricted Site Access user group USAGE: Add additional users into the Unrestricted Site Access user group.
When a web request is received Where the user is a member of Unrestricted Site Access And where addressed to any URL
Permit access and do not inspect content And do not process any further HTTPS rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 7
Do Not Inspect - Personal & Private Information (disabled) Do not inspect encrypted content if transaction has potential to contain personal information such as banking information, credit card numbers or private medical information. USAGE: Add sites or URL categories if they need to be excluded from HTTPS content scanning.
When a web request is received For any users And where the URL is a member of [Personal & Private Information]
Permit access and do not inspect content And do not process any further HTTPS rules
Do Not Inspect - SSL/TLS Could Not be Negotiated (disabled) Do not attempt content inspection of encrypted content if SSL/TLS could not be negotiated.
When a web request is received For any users And where addressed to any URL And where SSL/TLS could not be negotiated
Permit access and do not inspect content And do not process any further HTTPS rules
Block - SSLv2 Many browsers now have SSLv2 disabled by default. If WebMarshal is configured to allow SSLv2 to be used then this could override the browser defaults. For more information please see the following M86 Security Knowledge Base Article: Q12037 - INFO: WebMarshal HTTPS inspection and SSL/TLS versions
When a web request is received For any users And where addressed to any URL And where the security protocol is SSL v2
Block access to this site and display Blocked page And do not process any further HTTPS rules
Inspect - Webmail Content (disabled) Enable Content Inspection for encrypted (HTTPS) Webmail content
When a web request is received For any users And where the URL is a member of Web Mail
Permit access and inspect content And do not process any further HTTPS rules
Inspect - Potential Data Leakage (disabled) Enable Content Inspection for sites using encryption which may afford opportunities for data leakage. Examples might include online forums, job search sites and Web 2.0 sites like MySpace and Bebo.
When a web request is received For any users And where the URL is a member of Web Mail, Blogs, Personal Pages & Forums, Job Search, Messaging & Communications, Opinion, Beliefs & Cultural, Social Networking
Permit access and inspect content And do not process any further HTTPS rules
Inspect - All Other HTTPS Sites (disabled) Inspect all HTTPS traffic not previously inspected or excluded by preceding rules.
When a web request is received For any users And where addressed to any URL
Permit access and inspect content And do not process any further HTTPS rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 8
QUOTA RULES
[Global Policy] When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Permit - Full access for Unrestricted Users This rule will bypass all remaining rules in this container for all users in the Unrestricted Site Access user group. USAGE: Add additional users into the Unrestricted Site Access user group.
When a web request is received Where the user is a member of Unrestricted Site Access And where the protocol/application is any protocol/application And where addressed to any URL
Stop processing quota rules
Quota - 2 hours per week on Social Networking sites (disabled) This rule applies a quota of 2 hours per week for time spent on Social Networking sites. USAGE: Alter the quota time as needed in order to restrict time spent on Social Networking sites.
When a web request is received For any users And where the protocol/application is any protocol/application And where the URL is a member of Social Networking
Apply quota(s) 2 Hours per Week to the user And continue processing rules
Quota - 2 hours browsing per day (disabled) This rule applies a quota of 2 hours per day. USAGE: You may want to alter this rule to alter the amount of time allowed in the daily quota.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Apply quota(s) 2 Hours per Day to the user And continue processing rules
Quota - 100 MB browsing per day (disabled) Applies the '100 MB per Day' quota. Usage: This rule is used to prevent users downloading an excessive amount of data on any given day. You may want to alter this rule so that it only applies to specific times of day or alter the bandwidth allotment.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Apply quota(s) 100 MB per Day to the user And continue processing rules
[Power User Policy] When a web request is received Where the user is a member of Power Users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Technical Reference: WebMarshal Default Rules (6.8.1) Page 9
Quota - 2 hours per week on Social Networking sites (disabled) This rule applies a quota of 2 hours per week for time spent on Social Networking sites. USAGE: Alter the quota time as needed in order to restrict time spent on Social Networking sites.
When a web request is received For any users And where the protocol/application is any protocol/application And where the URL is a member of Social Networking
Apply quota(s) 2 Hours per Week to the user And continue processing rules
Quota - 2 hours browsing per day (disabled) This rule applies a quota of 2 hours per day. USAGE: You may want to alter this rule to alter the amount of time allowed in the daily quota.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Apply quota(s) 2 Hours per Day to the user And continue processing rules
Quota - 100 MB browsing per day (disabled) Applies the '100 MB per Day' quota. Usage: This rule is used to prevent users downloading an excessive amount of data on any given day. You may want to alter this rule so that it only applies to specific times of day or alter the bandwidth allotment.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Apply quota(s) 100 MB per Day to the user And continue processing rules
[Standard User Policy] When a web request is received Where the user is a member of Standard Users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Quota - 2 hours per week on Social Networking sites (disabled) This rule applies a quota of 2 hours per week for time spent on Social Networking sites. USAGE: Alter the quota time as needed in order to restrict time spent on Social Networking sites.
When a web request is received For any users And where the protocol/application is any protocol/application And where the URL is a member of Social Networking
Apply quota(s) 2 Hours per Week to the user And continue processing rules
Quota - 2 hours browsing per day (disabled) This rule applies a quota of 2 hours per day. USAGE: You may want to alter this rule to alter the amount of time allowed in the daily quota.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Technical Reference: WebMarshal Default Rules (6.8.1) Page 10
Apply quota(s) 2 Hours per Day to the user And continue processing rules
Quota - 100 MB browsing per day (disabled) Applies the '100 MB per Day' quota to users. Usage: This rule is used to prevent users downloading an excessive amount of data on any given day. You may want to alter this rule so that it only applies to specific times of day or alter the bandwidth allotment.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Apply quota(s) 100 MB per Day to the user And continue processing rules
[Restricted User Policy] When a web request is received Where the user is a member of Restricted Users And where the protocol/application is any protocol/application And where addressed to any URL
Process rules in this container
Quota - 2 hours browsing per week (disabled) Applies the '2 Hours per Week' quota to members of the 'Restricted Users' group. USAGE: You may want to alter this rule to alter the amount of time allowed in the weekly quota.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Apply quota(s) 2 Hours per Week to the user And continue processing rules
Quota - 10 MB browsing per week (disabled) Applies the '10 MB per Week' quota to users. USAGE: This rule is very restrictive. You may want to alter this rule so that it only applies to specific times of day or alter the bandwidth allotment.
When a web request is received For any users And where the protocol/application is any protocol/application And where addressed to any URL
Apply quota(s) 10 MB per Week to the user And continue processing rules
STANDARD RULES
Block - Undefined WebMarshal User Block access for all users that don't belong to the default WebMarshal groups. USAGE: New users or groups imported into WebMarshal should be added to a suitable default usergroup. If no suitable default rule exists, then new groups should be created, and new rules should be written for these users. Add new usergroups to the user exclusion list in this rule as required. NOTE: The “Exclude From Reporting” default group is not included in this rule because it does not control access to sites.
When a web request is received For any users Except where the user is a member of Power Users, Restricted Users, Standard Users, Unrestricted Site Access And where addressed to any URL
Block access to this site and display Blocked page And do not process any further standard rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 11
[Reporting Classification] When a web request is received For any users And where addressed to any URL
Process rules in this container
Exclude From Reporting – Exclude From Reporting Users Excludes the browsing activities of selected users from reporting. * Warning. The rules in this container will remove the relevant traffic from all logging (Database, Text, WELF and Active Sessions)
When a web request is received Where the user is a member of Exclude From Reporting And where addressed to any URL
Skip any remaining rules in this container And exclude the site from reporting (do not log browsing)
Exclude From Reporting - Advertising (disabled) Excludes the browsing activities of users from reporting. * Warning. The rules in this container will remove the relevant traffic from all logging (Database, Text, WELF and Active Sessions)
When a web request is received For any users And where the URL is a member of Advertising
Skip any remaining rules in this container And exclude the site from reporting (do not log browsing)
Exclude From Reporting - Content Delivery Networks (disabled) Excludes the browsing activities of users from reporting. * Warning. The rules in this container will remove the relevant traffic from all logging (Database, Text, WELF and Active Sessions)
When a web request is received For any users And where the URL is a member of Content Delivery Network
Skip any remaining rules in this container And exclude the site from reporting (do not log browsing)
Exclude From Reporting - Web Analytics (disabled) Excludes the browsing activities of users from reporting. * Warning. The rules in this container will remove the relevant traffic from all logging (Database, Text, WELF and Active Sessions)
When a web request is received For any users And where the URL is a member of Web Analytics
Skip any remaining rules in this container And exclude the site from reporting (do not log browsing)
Classify - Excluded From All Rules Classify excluded sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of [Exclude From All Rules]
Classify the domain as Excluded From All Rules And continue processing rules
Classify - Dangerous File Extensions Classify sites with files which are known to be dangerous (such as VBScript) by the file extension. USAGE: Add or remove file names to the matched file list as required.
Technical Reference: WebMarshal Default Rules (6.8.1) Page 12
When a web request is received For any users And where addressed to any URL And where the file name matches *.bat, *.eml, *.nws, *.vbs
Skip any remaining rules in this container And classify the domain as Possible Dangerous File
Classify - Security Threat Classify Security Threat Sites used to circumvent policy enforcement, and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Security Threats
Skip any remaining rules in this container And classify the domain as Security Threat
Classify - Anonymizer Classify Anonymizer Sites used to circumvent policy enforcement, and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Anonymizers & Remote Access
Skip any remaining rules in this container And classify the domain as Anonymizer
Classify - Adult & Nudity Classify Adult & Nudity sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Adult & Nudity
Skip any remaining rules in this container And classify the domain as Adult & Nudity
Classify - File Sharing & Downloads Classify File Sharing & Download sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of File Sharing & Download Sites
Skip any remaining rules in this container And classify the domain as File Sharing & Downloads
Classify - Social Networking Classify Social Networking sites, such as Facebook and Myspace, and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Social Networking
Skip any remaining rules in this container And classify the domain as Social Networking
Technical Reference: WebMarshal Default Rules (6.8.1) Page 13
Classify - Streaming Media Classify Streaming Media sites and records such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Streaming Media
Skip any remaining rules in this container And classify the domain as Streaming Media
Classify - Advertising Classify Advertising sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Advertising
Skip any remaining rules in this container And classify the domain as Advertising
Classify - Content Delivery Network Classify Content Delivery Network sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Content Delivery Network
Skip any remaining rules in this container And classify the domain as Content Delivery Network
Classify - News Classify News sites, such as cnn.com and bbc.co.uk, and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of News
Skip any remaining rules in this container And classify the domain as News
Classify - Health & Medical Classify Health & Medical sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Health & Medical
Skip any remaining rules in this container And classify the domain as Health & Medical
Classify - Sports Classify Sports sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Sports
Skip any remaining rules in this container And classify the domain as Sports
Technical Reference: WebMarshal Default Rules (6.8.1) Page 14
Classify - Search Engine Classify Search Engine sites, such as google.com and Yahoo.com, and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Search Engines
Skip any remaining rules in this container And classify the domain as Search Engine
Classify - Translation Proxies Classify Translation Proxy sites and records such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Translation Proxies
Skip any remaining rules in this container And classify the domain as Translation Proxy
Classify - Technology Classify Technology sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Technology
Skip any remaining rules in this container And classify the domain as Technology
Classify - Web Analytics Classify Web Analytics sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of Web Analytics
Skip any remaining rules in this container And classify the domain as Web Analytics
Classify - R Rated & Profanity Classify R Rated sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of R Rated & Profanity
Skip any remaining rules in this container And classify the domain as R Rated & Profanity
Classify - Harmful & Stealth Classify Harmful & Stealth sites, such as Anonymizer Proxy, File Sharing and Security Threat sites, and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of [Harmful & Stealth]
Skip any remaining rules in this container And classify the domain as Harmful & Stealth
Technical Reference: WebMarshal Default Rules (6.8.1) Page 15
Classify - Time Wasting Classify Time Wasting sites, such as Discussion Forums and Social Networking sites, and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of [Time Wasting]
Skip any remaining rules in this container And classify the domain as Time Wasting
Classify - Personal & Private Classify sites such as Medical and Banking sites and record such access in the WebMarshal SQL database. NOTE: SQL Logging must be enabled for classifications to be recorded, and for Web usage reports to be produced.
When a web request is received For any users And where the URL is a member of [Personal & Private Information]
Skip any remaining rules in this container And classify the domain as Personal & Private Information
Classify - All unknown sites Classify sites unknown to WebMarshal and record such access as Unknown URLs.
When a web request is received For any users And where addressed to any URL Except where the URL is a member of [All URL Categories]
Skip any remaining rules in this container And classify the domain as Unknown URLs
Classify - All other known sites Classify sites which are known to WebMarshal, but which have not triggered any previous rules.
When a web request is received For any users And where the URL is a member of [All URL Categories]
Skip any remaining rules in this container And classify the domain as Other Known URLs
[Global Policy] When a web request is received For any users And where addressed to any URL
Process rules in this container
Permit - Full access for Unrestricted Users This rule will bypass all remaining rules in this container for all users in the Unrestricted Site Access user group. USAGE: Add additional users into the Unrestricted Site Access user group.
When a web request is received Where the user is a member of Unrestricted Site Access And where addressed to any URL
Permit access And do not process any further standard rules
Permit - Exclude From All Rules This rule will bypass all remaining rules in this container for sites included in the '[Exclude From All Rules]' URL grouping. USAGE: To permit an additional URL, add it to the [Exclude From All Rules] category.
Technical Reference: WebMarshal Default Rules (6.8.1) Page 16
When a web request is received For any users And where the URL is a member of [Exclude From All Rules]
Permit access And do not process any further standard rules
Display Global Company Browsing Policy (disabled) Requires all users to acknowledge a company Internet policy page before beginning browsing. This page will only be displayed once a day for each user. You may want to customize the policy page for your company.
When a web request is received For any users And where addressed to any URL
Display WarningPolicy page once per day And continue processing rules
Display Quota Limits Policy (disabled) Prompts users at the beginning of a browsing session with a list of quotas available.
When a web request is received For any users And where addressed to any URL
Display WarningQuotas page once per day And continue processing rules
Display Policy for Scanning of Encrypted Content (disabled) This policy warning reminds users that encrypted content may be scanned and monitored by WebMarshal. This page will only be displayed once a day for affected users, and only when WebMarshal processes encrypted data. You may want to customize the policy page for your company.
When a web request is received For any users And where addressed to any URL And where the content is inspected HTTPS content
Display Warning page once per day And continue processing rules
[Power User Policy] When a web request is received Where the user is a member of Power Users And where addressed to any URL
Process rules in this container
Block URL - Adult & Nudity Blocks sites contained in the Adult & Nudity category. USAGE: To block additional URLs add them into the 'Adult & Nudity' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Adult & Nudity Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedOffensive page And do not process any further standard rules
Block URL - Advertisement (disabled) Blocks sites contained in the Advertising category. USAGE: To block additional URLs add them into the 'Advertising' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
Technical Reference: WebMarshal Default Rules (6.8.1) Page 17
When a web request is received For any users And where the URL is a member of Advertising Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedAdvertisingSmall page And do not process any further standard rules
Block URL - Social Networking Sites (disabled) Blocks sites contained in the Social Networking category. USAGE: To block additional URLs add them into the 'Social Networking' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Social Networking Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Anonymizer Sites (disabled) Blocks sites contained in the Anonymizers & Remote Access category. USAGE: To block additional URLs add them into the 'Anonymizers & Remote Access' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Anonymizers & Remote Access Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Translation Proxy Sites (disabled) Blocks sites contained in the Translation Proxies category. USAGE: To block additional URLs add them into the 'Translation Proxies' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Translation Proxies Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Harmful & Stealth (disabled) Blocks sites contained in the Harmful & Stealth category. USAGE: To block additional URLs add them into the 'Harmful & Stealth' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of [Harmful & Stealth] Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Access by IP address (disabled) This rule blocks access if the URL used is an IP address.
When a web request is received For any users And where addressed to any URL
Technical Reference: WebMarshal Default Rules (6.8.1) Page 18
Except where the URL is a member of [Exclude From Block URL Rules] And where the URL domain name is an IP address
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Time Wasting Inside Office Hours (disabled) Limits access to sites contained in the Time Wasting category, except outside of office hours. USAGE: To block additional URLs add them into the 'Time Wasting' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping. Modify the 'Business Hours' schedule as necessary.
When a web request is received For any users And where the URL is a member of [Time Wasting] Except where the URL is a member of [Exclude From Block URL Rules] And where the time of day is inside of Business Hours
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Gambling Sites (disabled) Blocks sites contained in the Gambling category. USAGE: To block additional URLs add them into the 'Gambling' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Gambling Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Legal Risk Sites (disabled) Blocks sites contained in the Legal Risk category. USAGE: To block additional URLs add them into the '[Legal Risk]' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of [Legal Risk] Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - R Rated & Profanity (disabled) Blocks sites contained in the R Rated & Profanity category. USAGE: To block additional URLs add them into the 'R Rated & Profanity' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of R Rated & Profanity Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedOffensive page And do not process any further standard rules
Block URL - All Unknown Sites (disabled) Blocks sites not contained in the any category. USAGE: If sites need to be excluded from this rule, ensure they belong to at least one category.
When a web request is received For any users
Technical Reference: WebMarshal Default Rules (6.8.1) Page 19
And where addressed to any URL Except where the URL is a member of [All URL Categories]
Block access to this site and display Blocked page And do not process any further standard rules
Block Download - Files Larger Than 20MB (disabled) Blocks large downloads. USAGE: Set the file size limit as required.
When a web request is received for download For any users And where addressed to any URL And where the transferred data size is Greater than 20480 KB
Block access to this site and display FileBlocked page And do not process any further standard rules
Block Upload - Files Larger Than 5MB (disabled) Use this rule to prevent users from wasting Internet bandwidth. USAGE: Set the file size limit as required.
When a web request is received for upload For any users And where addressed to any URL And where the transferred data size is Greater than 5120 KB
Block access to this site and display UploadBlocked page And send a notification email to the administrator And do not process any further standard rules
Block Upload - Restricted File Types (disabled) This rule blocks users from uploading restricted file types. USAGE: Modify this rule to specify file types you don't want users to upload.
When a web request is received for upload For any users And where addressed to any URL And where the file type is ENCRYPTED, EXECUTABLE
Block access to this site and display UploadBlocked page And do not process any further standard rules
Block File - Dangerous File Extensions (disabled) Block files which are known to be dangerous (such as VBScript) by the file extension. USAGE: Add or remove file names to the matched file list as required.
When a web request is received For any users And where addressed to any URL And where the file name matches *.bat, *.eml, *.nws, *.vbs
Block access to this site and display FileBlocked page And send a notification email to the administrator And do not process any further standard rules
Block File - File Sharing Files This rule blocks access to files associated with File Sharing. USAGE: Add or remove file names to the download file name list as necessary.
When a web request is received For any users And where addressed to any URL And where the file name matches *.torrent, apexdc*_*_*.*, aresregular*.exe, bittorrent-*.*, deluge-0*.tar.gz, emule0.*.*, emuleplus*.*, mldonkey-*.bz2, morpheus.exe, shareaza_*.*, torrentvolve*.*, utorrent*.exe, utorrent*.zip
Block access to this site and display FileBlocked page And do not process any further standard rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 20
Block File - Dangerous files (disabled) Blocks file types known to be potentially dangerous. USAGE: Add or remove file types to the matched file type list as required.
When a web request is received For any users And where addressed to any URL And where the file type is PST, OST, LNK, URL, CHM, REG, RCM, MSG, P7S, PGPSigned, AppleSingle, AppleDouble
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Executables (disabled) This rule blocks Executable files.
When a web request is received For any users And where addressed to any URL And where the file type is EXECUTABLE
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Documents (disabled) Blocks document files (including Microsoft Word, Excel).
When a web request is received For any users And where addressed to any URL And where the file type is DOCUMENT
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Multimedia (disabled) Block multimedia (sound, video) files.
When a web request is received For any users And where addressed to any URL And where the file type is SOUND, AVI, MOV, MPG, DVM, FLI, FLC, FLV, OGV
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Archives (disabled) Block Archive files. This rule does not examine the content of Archive files. If you need to implement control of Archived content, use a Content Analysis Rule.
When a web request is received For any users And where addressed to any URL And where the file type is ARCHIVE
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Unknown Binary Files (disabled) Blocks binary files where the type can not be identified by WebMarshal WARNING: Enable this rule with extreme caution as it may have undesirable ramifications. Many legitimate and business-related sites and products use proprietary binary files for their normal operation. For example, enabling this rule could interfere with product updates or anti-virus updates. If you do enable the rule, the related problems can be mitigated by adding affected addresses to the '[Exclude From All Rules]' URL Category list.
When a web request is received For any users
Technical Reference: WebMarshal Default Rules (6.8.1) Page 21
And where addressed to any URL And where the file type is BIN
Block access to this site and display FileBlocked page And do not process any further standard rules
[Standard User Policy] When a web request is received Where the user is a member of Standard Users And where addressed to any URL
Process rules in this container
Block URL - Adult & Nudity Blocks sites contained in the Adult & Nudity category. USAGE: To block additional URLs add them into the 'Adult & Nudity' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Adult & Nudity Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedOffensive page And do not process any further standard rules
Block URL - Advertisement Blocks sites contained in the Advertising category. USAGE: To block additional URLs add them into the 'Advertising' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Advertising Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedAdvertisingSmall page And do not process any further standard rules
Block URL - Social Networking Sites (disabled) Blocks sites contained in the Social Networking category. USAGE: To block additional URLs add them into the 'Social Networking' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Social Networking Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Anonymizer Sites Blocks sites contained in the Anonymizers & Remote Access category. USAGE: To block additional URLs add them into the 'Anonymizers & Remote Access' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Anonymizers & Remote Access Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 22
Block URL - Translation Proxy Sites Blocks sites contained in the Translation Proxies category. USAGE: To block additional URLs add them into the 'Translation Proxies' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Translation Proxies Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Harmful & Stealth Blocks sites contained in the Harmful & Stealth category. USAGE: To block additional URLs add them into the 'Harmful & Stealth' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of [Harmful & Stealth] Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Access by IP address (disabled) This rule blocks access if the URL used is an IP address.
When a web request is received For any users And where addressed to any URL Except where the URL is a member of [Exclude From Block URL Rules] And where the URL domain name is an IP address
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Time Wasting Inside Office Hours (disabled) Limits access to sites contained in the Time Wasting category, except outside of office hours. USAGE: To block additional URLs add them into the 'Time Wasting' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping. Modify the 'Business Hours' schedule as necessary.
When a web request is received For any users And where the URL is a member of [Time Wasting] Except where the URL is a member of [Exclude From Block URL Rules] And where the time of day is inside of Business Hours
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Gambling Sites Blocks sites contained in the Gambling category. USAGE: To block additional URLs add them into the 'Gambling' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Gambling Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 23
Block URL - Legal Risk Sites Blocks sites contained in the Legal Risk category. USAGE: To block additional URLs add them into the '[Legal Risk]' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of [Legal Risk] Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - R Rated & Profanity (disabled) Blocks sites contained in the R Rated & Profanity category. USAGE: To block additional URLs add them into the 'R Rated & Profanity' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of R Rated & Profanity Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedOffensive page And do not process any further standard rules
Block URL - All Unknown Sites (disabled) Blocks sites not contained in the any category. USAGE: If sites need to be excluded from this rule, ensure they belong to at least one category.
When a web request is received For any users And where addressed to any URL Except where the URL is a member of [All URL Categories]
Block access to this site and display Blocked page And do not process any further standard rules
Block Download - Files Larger Than 20MB (disabled) Blocks large downloads. USAGE: Set the file size limit as required.
When a web request is received for download For any users And where addressed to any URL And where the transferred data size is Greater than 20480 KB
Block access to this site and display FileBlocked page And do not process any further standard rules
Block Upload - Files Larger Than 5MB (disabled) Use this rule to prevent users from wasting Internet bandwidth. USAGE: Set the file size limit as required.
When a web request is received for upload For any users And where addressed to any URL And where the transferred data size is Greater than 5120 KB
Block access to this site and display UploadBlocked page And send a notification email to the administrator And do not process any further standard rules
Block Upload - Restricted File Types This rule blocks users from uploading restricted file types. USAGE: Modify this rule to specify file types you don't want users to upload.
When a web request is received for upload For any users
Technical Reference: WebMarshal Default Rules (6.8.1) Page 24
And where addressed to any URL And where the file type is ENCRYPTED, EXECUTABLE
Block access to this site and display UploadBlocked page And do not process any further standard rules
Block File - Dangerous File Extensions Block files which are known to be dangerous (such as VBScript) by the file extension. USAGE: Add or remove file names to the matched file list as required.
When a web request is received For any users And where addressed to any URL And where the file name matches *.bat, *.eml, *.nws, *.vbs
Block access to this site and display FileBlocked page And send a notification email to the administrator And do not process any further standard rules
Block File - File Sharing Files This rule blocks access to files associated with File Sharing. USAGE: Add or remove file names to the download file name list as necessary.
When a web request is received For any users And where addressed to any URL And where the file name matches *.torrent, apexdc*_*_*.*, aresregular*.exe, bittorrent-*.*, deluge-0*.tar.gz, emule0.*.*, emuleplus*.*, mldonkey-*.bz2, morpheus.exe, shareaza_*.*, torrentvolve*.*, utorrent*.exe, utorrent*.zip
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Dangerous files Blocks file types known to be potentially dangerous. USAGE: Add or remove file types to the matched file type list as required.
When a web request is received For any users And where addressed to any URL And where the file type is PST, OST, LNK, URL, CHM, REG, RCM, MSG, P7S, PGPSigned, AppleSingle, AppleDouble
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Executables This rule blocks Executable files.
When a web request is received For any users And where addressed to any URL And where the file type is EXECUTABLE
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Documents (disabled) Blocks document files (including Microsoft Word, Excel).
When a web request is received For any users And where addressed to any URL And where the file type is DOCUMENT
Block access to this site and display FileBlocked page And do not process any further standard rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 25
Block File - Multimedia (disabled) Block multimedia (sound, video) files.
When a web request is received For any users And where addressed to any URL And where the file type is SOUND, AVI, MOV, MPG, DVM, FLI, FLC, FLV, OGV
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Archives (disabled) Block Archive files. This rule does not examine the content of Archive files. If you need to implement control of Archived content, use a Content Analysis Rule.
When a web request is received For any users And where addressed to any URL And where the file type is ARCHIVE
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Unknown Binary Files (disabled) Blocks binary files where the type can not be identified by WebMarshal WARNING: Enable this rule with extreme caution as it may have undesirable ramifications. Many legitimate and business-related sites and products use proprietary binary files for their normal operation. For example, enabling this rule could interfere with product updates or anti-virus updates. If you do enable the rule, the related problems can be mitigated by adding affected addresses to the '[Exclude From All Rules]' URL Category list.
When a web request is received For any users And where addressed to any URL And where the file type is BIN
Block access to this site and display FileBlocked page And do not process any further standard rules
[Restricted User Policy] When a web request is received Where the user is a member of Restricted Users And where addressed to any URL
Process rules in this container
Block URL - Adult & Nudity Blocks sites contained in the Adult & Nudity category. USAGE: To block additional URLs add them into the 'Adult & Nudity' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Adult & Nudity Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedOffensive page And do not process any further standard rules
Block URL - Advertisement Blocks sites contained in the Advertising category. USAGE: To block additional URLs add them into the 'Advertising' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users
Technical Reference: WebMarshal Default Rules (6.8.1) Page 26
And where the URL is a member of Advertising Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedAdvertisingSmall page And do not process any further standard rules
Block URL - Social Networking Sites Blocks sites contained in the Social Networking category. USAGE: To block additional URLs add them into the 'Social Networking' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Social Networking Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Anonymizer Sites Blocks sites contained in the Anonymizers & Remote Access category. USAGE: To block additional URLs add them into the 'Anonymizers & Remote Access' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Anonymizers & Remote Access Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Translation Proxy Sites Blocks sites contained in the Translation Proxies category. USAGE: To block additional URLs add them into the 'Translation Proxies' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Translation Proxies Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Harmful & Stealth Blocks sites contained in the Harmful & Stealth category. USAGE: To block additional URLs add them into the 'Harmful & Stealth' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of [Harmful & Stealth] Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Access by IP address This rule blocks access if the URL used is an IP address.
When a web request is received For any users And where addressed to any URL Except where the URL is a member of [Exclude From Block URL Rules] And where the URL domain name is an IP address
Technical Reference: WebMarshal Default Rules (6.8.1) Page 27
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Time Wasting Inside Office Hours Limits access to sites contained in the Time Wasting category, except outside of office hours. USAGE: To block additional URLs add them into the 'Time Wasting' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping. Modify the 'Business Hours' schedule as necessary.
When a web request is received For any users And where the URL is a member of [Time Wasting] Except where the URL is a member of [Exclude From Block URL Rules] And where the time of day is inside of Business Hours
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Gambling Sites Blocks sites contained in the Gambling category. USAGE: To block additional URLs add them into the 'Gambling' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of Gambling Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - Legal Risk Sites Blocks sites contained in the Legal Risk category. USAGE: To block additional URLs add them into the '[Legal Risk]' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of [Legal Risk] Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display Blocked page And do not process any further standard rules
Block URL - R Rated & Profanity Blocks sites contained in the R Rated & Profanity category. USAGE: To block additional URLs add them into the 'R Rated & Profanity' category. If sites need to be excluded from this rule, add URLs into the '[Exclude From Block URL Rules]' category grouping.
When a web request is received For any users And where the URL is a member of R Rated & Profanity Except where the URL is a member of [Exclude From Block URL Rules]
Block access to this site and display BlockedOffensive page And do not process any further standard rules
Block URL - All Unknown Sites Blocks sites not contained in the any category. USAGE: If sites need to be excluded from this rule, ensure they belong to at least one category.
When a web request is received For any users And where addressed to any URL Except where the URL is a member of [All URL Categories]
Block access to this site and display Blocked page And do not process any further standard rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 28
Block Download - Files Larger Than 20MB Blocks large downloads. USAGE: Set the file size limit as required.
When a web request is received for download For any users And where addressed to any URL And where the transferred data size is Greater than 20480 KB
Block access to this site and display FileBlocked page And do not process any further standard rules
Block Upload - Files Larger Than 5MB Use this rule to prevent users from wasting Internet bandwidth. USAGE: Set the file size limit as required.
When a web request is received for upload For any users And where addressed to any URL And where the transferred data size is Greater than 5120 KB
Block access to this site and display UploadBlocked page And send a notification email to the administrator And do not process any further standard rules
Block Upload - Restricted File Types This rule blocks users from uploading restricted file types. USAGE: Modify this rule to specify file types you don't want users to upload.
When a web request is received for upload For any users And where addressed to any URL And where the file type is ENCRYPTED, EXECUTABLE
Block access to this site and display UploadBlocked page And do not process any further standard rules
Block File - Dangerous File Extensions Block files which are known to be dangerous (such as VBScript) by the file extension. USAGE: Add or remove file names to the matched file list as required.
When a web request is received For any users And where addressed to any URL And where the file name matches *.bat, *.eml, *.nws, *.vbs
Block access to this site and display FileBlocked page And send a notification email to the administrator And do not process any further standard rules
Block File - File Sharing Files This rule blocks access to files associated with File Sharing. USAGE: Add or remove file names to the download file name list as necessary.
When a web request is received For any users And where addressed to any URL And where the file name matches *.torrent, apexdc*_*_*.*, aresregular*.exe, bittorrent-*.*, deluge-0*.tar.gz, emule0.*.*, emuleplus*.*, mldonkey-*.bz2, morpheus.exe, shareaza_*.*, torrentvolve*.*, utorrent*.exe, utorrent*.zip
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Dangerous files Blocks file types known to be potentially dangerous. USAGE: Add or remove file types to the matched file type list as required.
Technical Reference: WebMarshal Default Rules (6.8.1) Page 29
When a web request is received For any users And where addressed to any URL And where the file type is PST, OST, LNK, URL, CHM, REG, RCM, MSG, P7S, PGPSigned, AppleSingle, AppleDouble
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Executables This rule blocks Executable files.
When a web request is received For any users And where addressed to any URL And where the file type is EXECUTABLE
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Documents Blocks document files (including Microsoft Word, Excel).
When a web request is received For any users And where addressed to any URL And where the file type is DOCUMENT
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Multimedia Block multimedia (sound, video) files.
When a web request is received For any users And where addressed to any URL And where the file type is SOUND, AVI, MOV, MPG, DVM, FLI, FLC, FLV, OGV
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Archives Block Archive files. This rule does not examine the content of Archive files. If you need to implement control of Archived content, use a Content Analysis Rule.
When a web request is received For any users And where addressed to any URL And where the file type is ARCHIVE
Block access to this site and display FileBlocked page And do not process any further standard rules
Block File - Unknown Binary Files (disabled) Blocks binary files where the type can not be identified by WebMarshal WARNING: Enable this rule with extreme caution as it may have undesirable ramifications. Many legitimate and business-related sites and products use proprietary binary files for their normal operation. For example, enabling this rule could interfere with product updates or anti-virus updates. If you do enable the rule, the related problems can be mitigated by adding affected addresses to the '[Exclude From All Rules]' URL Category list.
When a web request is received For any users And where addressed to any URL And where the file type is BIN
Technical Reference: WebMarshal Default Rules (6.8.1) Page 30
Block access to this site and display FileBlocked page And do not process any further standard rules
Permit - All other traffic Permit remaining traffic not previously blocked or permitted by preceding rules.
When a web request is received For any users And where addressed to any URL
Permit access And do not process any further standard rules
CONTENT ANALYSIS RULES
[Reporting Classification] When a web request is received For any users And where addressed to any URL
Process rules in this container
Classify - File Sharing (disabled) Scans for File sharing links and classifies matching pages as 'File Sharing & Downloads'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, File Sharing content.
When a web request is received For any users And where addressed to any URL And where the content matches all of File Sharing
Skip any remaining rules in this container And classify the domain as File Sharing & Downloads
Classify - Weapons Content (disabled) Scans web pages for Weapons content and classifies matching pages as 'Time Wasting' . Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Weapons content.
When a web request is received For any users And where addressed to any URL And where the content matches all of Weapons
Skip any remaining rules in this container And classify the domain as Time Wasting
Classify - Gambling Content (disabled) Scans web pages for Gambling content and classifies matching pages as 'Time Wasting'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Gambling content.
When a web request is received For any users And where addressed to any URL And where the content matches all of Gambling
Skip any remaining rules in this container And classify the domain as Time Wasting
Classify - Gaming Content (disabled) Scans web pages for Gaming content and classifies matching pages as 'Time Wasting'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Gaming content.
When a web request is received For any users
Technical Reference: WebMarshal Default Rules (6.8.1) Page 31
And where addressed to any URL And where the content matches all of Gaming
Skip any remaining rules in this container And classify the domain as Time Wasting
Classify - Discussion Forum (disabled) Scans web pages for discussion forum content and classifies matching pages as 'Time Wasting'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Discussion Forum content.
When a web request is received For any users And where addressed to any URL And where the content matches all of Discussion Forums
Skip any remaining rules in this container And classify the domain as Time Wasting
Classify - Basic News Sites (disabled) Scans web pages for news content and classifies matching pages as 'News'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, basic News content.
When a web request is received For any users And where addressed to any URL And where the content matches all of News
Skip any remaining rules in this container And classify the domain as News
Classify - Sports Content (disabled) Scans web pages for sports content and classifies matching pages as 'Sports'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Sports content.
When a web request is received For any users And where addressed to any URL And where the content matches all of Sports
Skip any remaining rules in this container And classify the domain as Sports
Classify - Stocks & Financial Sites (disabled) Scans web pages for financial stock trading content and classifies matching pages as 'Personal & Private Information'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Stock & Financial content.
When a web request is received For any users And where addressed to any URL And where the content matches all of Stocks & Financial
Skip any remaining rules in this container And classify the domain as Personal & Private Information
Classify - Anonymizers Scans web pages for Anonymizer content and classifies matching pages as 'Anonymizer'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Anonymizer content.
When a web request is received for download For any users And where addressed to any URL And where the content matches all of Anonymizers
Skip any remaining rules in this container And classify the domain as Anonymizer
Technical Reference: WebMarshal Default Rules (6.8.1) Page 32
Classify - Racist & Hate Content Scans web pages for Racist & Hate content and classifies matching pages as 'Legal Risk'. Access to the site is not blocked by this rule.
When a web request is received for download For any users And where addressed to any URL And where the content matches all of Racist & Hate
Skip any remaining rules in this container And classify the domain as Legal Risk
Classify - Offensive Language (disabled) Scans web pages for offensive language and classifies matching pages as 'R Rated & Profanity'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Offensive Language content.
When a web request is received For any users And where addressed to any URL And where the content matches all of Offensive Language
Skip any remaining rules in this container And classify the domain as R Rated & Profanity
Classify - Web Mail Content (disabled) Scans for web sites that appear to be mail sites and classifies matching pages as 'Time Wasting'. Access to the site is not blocked by this rule. USAGE: Turn on this rule to scan for, and classify, Web Mail content.
When a web request is received For any users And where addressed to any URL And where the content matches all of Web Mail
Skip any remaining rules in this container And classify the domain as Time Wasting
[Global Policy] When a web request is received For any users And where addressed to any URL
Process rules in this container
Scanning Bypass - Exclude From Malware Scanning This rules is used to bypass malware scanning for a specific set of URLs. USAGE: Add urls to the [Exclude From Malware Scanning] category to bypass malware scanning.
When a web request is received For any users And where the URL is a member of [Exclude From Malware Scanning]
Skip any remaining rules in this container
Block Malware - Virus Infected Files (disabled) This rule uses any installed Virus Scanners to scan for harmful downloads. To increase performance, common image and text files are excluded from scanning. Usage: Enable this rule after installing one or more Virus Scanners.
When a web request is received For any users And where addressed to any URL And for any file type Except where the file type is JPG, GIF, PNG, TEXT, HTML, JS, CSS And where the result of a malware scan by any virus scanner is Malware Found
Block the file and display FileBlockedVirus page Or abort the download of this file and display FileAbortedVirus page
Technical Reference: WebMarshal Default Rules (6.8.1) Page 33
And send a notification email to the administrator And classify the file as Malware And do not process any further content analysis rules
Block Malware - Virus Infected Files - EXTENSIVE (disabled) WARNING: With this rule enabled ALL files are scanned, including image and text files. While this gives full coverage of web downloads, it may cause a decrease in browsing performance. If this rule is enabled, the rule 'Block Malware - Virus Infected Files' becomes redundant and should be disabled. Usage: Enable this rule after installing one or more Virus Scanners. Ensure that 'Block Malware - Virus Infected Files' is disabled.
When a web request is received For any users And where addressed to any URL And where the result of a malware scan by any virus scanner is Malware Found
Block the file and display FileBlockedVirus page Or abort the download of this file and display FileAbortedVirus page And send a notification email to the administrator And classify the file as Malware And do not process any further content analysis rules
Block Malware - Spyware Infected Files (disabled) This rule uses any installed Spyware scanners to scan for harmful downloads. To increase performance, common image and text files are excluded from scanning. Usage: Enable this rule after installing one or more Spyware scanners.
When a web request is received For any users And where addressed to any URL And for any file type Except where the file type is JPG, GIF, PNG, TEXT, HTML, JS, CSS And where the result of a malware scan by any spyware scanner is Malware Found
Block the file and display FileBlockedSpyware page Or abort the download of this file and display FileAbortedSpyware page And send a notification email to the administrator And classify the file as Malware And do not process any further content analysis rules
Block Malware - Spyware Infected Files - EXTENSIVE (disabled) WARNING: With this rule enabled ALL files are scanned, including image and text files. While this gives full coverage of web downloads, it may cause a decrease in browsing performance. If this rule is enabled, the rule 'Block Malware - Spyware Infected Files' becomes redundant and should be disabled. Usage: Enable this rule after installing one or more Spyware Scanners. Ensure that 'Block Malware - Spyware Infected Files' is disabled.
When a web request is received For any users And where addressed to any URL And where the result of a malware scan by any spyware scanner is Malware Found
Block the file and display FileBlockedSpyware page Or abort the download of this file and display FileAbortedSpyware page And send a notification email to the administrator And classify the file as Malware And do not process any further content analysis rules
Block Malware - Malware Scanning Failure (disabled) If the configured Spyware or Virus scanner(s) fail to scan the file then this rule will prevent the user from receiving the unscanned file. USAGE: Enable this rule after installing one or more Spyware or Virus scanners.
When a web request is received For any users And where addressed to any URL And for any file type Except where the file type is JPG, GIF, PNG, TEXT, HTML, JS, CSS
Technical Reference: WebMarshal Default Rules (6.8.1) Page 34
And where the result of a malware scan by any scanner is Password Protected, File Corrupt, Could Not Unpack
Block the file and display FileBlockedMalicious page Or abort the download of this file and display FileAbortedMalicious page And classify the file as Malware And do not process any further content analysis rules
Block Malware - Malware Scanner Failure (disabled) If the configured Spyware or Virus scanner(s) fail to function this rule will notify the administrator and prevent the user from receiving the unscanned file. USAGE: Enable this rule after installing one or more Spyware or Virus scanners.
When a web request is received For any users And where addressed to any URL And for any file type Except where the file type is JPG, GIF, PNG, TEXT, HTML, JS, CSS And where the result of a malware scan by any scanner is Signatures Out Of Date, Update Failure, Unexpected Error
Block the file and display FileBlockedMalicious page Or abort the download of this file and display FileAbortedMalicious page And send a notification email to the administrator And classify the file as Malware And do not process any further content analysis rules
Permit - Full access for Unrestricted Users This rule bypasses all Content Analysis Rules, apart from Malware rules, for members of the 'Unrestricted Site Access' group. NOTE: For Malware rules to apply to Unrestricted Users this rule needs to be below the Malware rules.
When a web request is received Where the user is a member of Unrestricted Site Access And where addressed to any URL
Permit access And do not process any further content analysis rules
Permit - Exclude From All Rules This rule will bypass all remaining rules in this container for sites included in the '[Exclude From All Rules]' URL grouping. USAGE: To permit an additional URL, add it to the [Exclude From All Rules] category.
When a web request is received For any users And where the URL is a member of [Exclude From All Rules]
Permit access And do not process any further content analysis rules
[Power User Policy] When a web request is received Where the user is a member of Power Users And where addressed to any URL
Process rules in this container
Block File - Encrypted Archives (disabled) Block Encrypted Archives.
When a web request is received For any users And where addressed to any URL And where the file type is SEA, SEAEncrypt, ARJsfxcrypt, RARsfxcrypt, ZIPsfxcrypt, SITEncrypt, ARJcrypt, RARcrypt, ZIPcrypt
Technical Reference: WebMarshal Default Rules (6.8.1) Page 35
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Executables (inc. archived Executables) (disabled) Block Executable files, even if contained within an archive file (such as Zip or RAR)
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type EXECUTABLE
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Multimedia (inc. archived Multimedia) (disabled) Block Multimedia files, even if contained within an archive file (such as Zip or RAR).
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type SOUND, AVI, MOV, MPG, DVM, FLI, FLC, FLV, OGV
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Encrypted Files (disabled) Block encrypted files.
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type ENCRYPTED
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Unpacking Error Block downloads where WebMarshal is unable to unpack file for analysis. Unpacking errors are typically associated with file corruption issues.
When a web request is received For any users And where addressed to any URL And where an error occurs while unpacking
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Offensive Text Content (disabled) Prevents users from uploading offensive text (typically to a web mail site or forum).
When a web request is received for upload For any users And where addressed to any URL And where the content matches any of Pornographic, Offensive Language, Racist & Hate
Block the file and display UploadBlockedTextCensor page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 36
Block Upload - Forum Posting (disabled) Prevents Users from uploading data on Discussion and Forum sites.
When a web request is received for upload For any users And where the URL is a member of Blogs, Personal Pages & Forums
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - WebMail (disabled) Prevents Users from uploading data on Web Mail sites.
When a web request is received for upload For any users And where the URL is a member of Web Mail And where the transferred data size is Greater than 1 KB
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Job Site Posting (disabled) Prevents users from uploading data on Jobs Search sites (e.g. Monster.com).
When a web request is received for upload For any users And where the URL is a member of Job Search And where the transferred data size is Greater than 1 KB
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Confidential Content This rule scans content which is being uploaded for keywords indicating potential data leakage. NOTE: This includes any online forms such as Web Mail, Forums and Personal Pages as these uploads are handled as TEXT.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT, TEXT, FORMTXT And where the content matches all of Confidential Data Leakage
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - All Documents (disabled) This rule blocks all uploads of typical documents (Word, Excel, PDF etc.). NOTE: This rule is quite restrictive and should be applied with care.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Suspected Resumes This rule scans uploaded documents for keywords associated with resumes and CVs.
When a web request is received for upload For any users
Technical Reference: WebMarshal Default Rules (6.8.1) Page 37
And where addressed to any URL And where the file type is DOCUMENT, TEXT And where the content matches all of Resumes and CVs
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Download - Adult & Nudity Content (disabled) Scans web pages for Adult & Nudity type content and blocks any matching pages.
When a web request is received for download For any users And where addressed to any URL And where the content matches any of Pornographic, Age Verification
Block the file and display FileBlockedTextCensorOff page Or abort the download of this file and display FileAborted page And classify the file as Adult & Nudity And do not process any further content analysis rules
Block Download - Browser Hijack (disabled) Scans for commands which may alter your browser settings and adds matching pages to the 'Harmful & Stealth' category.
When a web request is received for download For any users And where addressed to any URL Except where the URL is a member of [All URL Categories] And where the content matches all of Browser Hijack
Block the file and display FileBlockedTextCensor page Or abort the download of this file and display FileAborted page And add the URL to the category Security Threats And classify the domain as Harmful & Stealth And do not process any further content analysis rules
Block Download - Adult & Nudity Mail Content (disabled) Scans for pornographic content in Web Mail. Access is blocked if such content is found, but WebMarshal does not add the site to the 'Adult & Nudity' category.
When a web request is received for download For any users And where the URL is a member of Web Mail And where the content matches all of Pornographic
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Download - Cached Search Results (disabled) Detects attempts to bypass WebMarshal filtering using search engine cache services. Access is allowed after a warning is given.
When a web request is received for download For any users And where addressed to any URL And where the content matches all of Cached Search Engine Results
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And classify the domain as Anonymizer And do not process any further content analysis rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 38
Block Download - Offensive Content (disabled) Scans web pages for offensive content, blocking matching pages. NOTE: This rule provides up-front blocking of offensive content. This rule is very restrictive and should be used with caution.
When a web request is received for download For any users And where addressed to any URL Except where the URL is a member of [All URL Categories] And where the content matches any of Offensive Language
Block the file and display FileBlockedTextCensorOff page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
[Standard User Policy] When a web request is received Where the user is a member of Standard Users And where addressed to any URL
Process rules in this container
Block File - Encrypted Archives Block Encrypted Archives.
When a web request is received For any users And where addressed to any URL And where the file type is SEA, SEAEncrypt, ARJsfxcrypt, RARsfxcrypt, ZIPsfxcrypt, SITEncrypt, ARJcrypt, RARcrypt, ZIPcrypt
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Executables (inc. archived Executables) (disabled) Block Executable files, even if contained within an archive file (such as Zip or RAR)
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type EXECUTABLE
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Multimedia (inc. archived Multimedia) (disabled) Block Multimedia files, even if contained within an archive file (such as Zip or RAR).
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type SOUND, AVI, MOV, MPG, DVM, FLI, FLC, FLV, OGV
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Encrypted Files Block encrypted files.
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type ENCRYPTED
Technical Reference: WebMarshal Default Rules (6.8.1) Page 39
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Unpacking Error Block downloads where WebMarshal is unable to unpack file for analysis. Unpacking errors are typically associated with file corruption issues.
When a web request is received For any users And where addressed to any URL And where an error occurs while unpacking
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Offensive Text Content Prevents users from uploading offensive text (typically to a web mail site or forum).
When a web request is received for upload For any users And where addressed to any URL And where the content matches any of Pornographic, Offensive Language, Racist & Hate
Block the file and display UploadBlockedTextCensor page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Forum Posting (disabled) Prevents Users from uploading data on Discussion and Forum sites.
When a web request is received for upload For any users And where the URL is a member of Blogs, Personal Pages & Forums
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - WebMail (disabled) Prevents Users from uploading data on Web Mail sites.
When a web request is received for upload For any users And where the URL is a member of Web Mail And where the transferred data size is Greater than 1 KB
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Job Site Posting (disabled) Prevents users from uploading data on Jobs Search sites (e.g. Monster.com).
When a web request is received for upload For any users And where the URL is a member of Job Search And where the transferred data size is Greater than 1 KB
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 40
Block Upload - Confidential Content This rule scans content which is being uploaded for keywords indicating potential data leakage. NOTE: This includes any online forms such as Web Mail, Forums and Personal Pages as these uploads are handled as TEXT.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT, TEXT, FORMTXT And where the content matches all of Confidential Data Leakage
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - All Documents (disabled) This rule blocks all uploads of typical documents (Word, Excel, PDF etc.). NOTE: This rule is quite restrictive and should be applied with care.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Suspected Resumes This rule scans uploaded documents for keywords associated with resumes and CVs.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT, TEXT And where the content matches all of Resumes and CVs
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Download - Adult & Nudity Content Scans web pages for Adult & Nudity type content and blocks any matching pages.
When a web request is received for download For any users And where addressed to any URL And where the content matches any of Pornographic, Age Verification
Block the file and display FileBlockedTextCensorOff page Or abort the download of this file and display FileAborted page And classify the file as Adult & Nudity And do not process any further content analysis rules
Block Download - Browser Hijack (disabled) Scans for commands which may alter your browser settings and adds matching pages to the 'Harmful & Stealth' category.
When a web request is received for download For any users And where addressed to any URL Except where the URL is a member of [All URL Categories] And where the content matches all of Browser Hijack
Block the file and display FileBlockedTextCensor page Or abort the download of this file and display FileAborted page And add the URL to the category Security Threats
Technical Reference: WebMarshal Default Rules (6.8.1) Page 41
And classify the domain as Harmful & Stealth And do not process any further content analysis rules
Block Download - Adult & Nudity Mail Content (disabled) Scans for pornographic content in Web Mail. Access is blocked if such content is found, but WebMarshal does not add the site to the 'Adult & Nudity' category.
When a web request is received for download For any users And where the URL is a member of Web Mail And where the content matches all of Pornographic
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Download - Cached Search Results (disabled) Detects attempts to bypass WebMarshal filtering using search engine cache services. Access is allowed after a warning is given.
When a web request is received for download For any users And where addressed to any URL And where the content matches all of Cached Search Engine Results
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And classify the domain as Anonymizer And do not process any further content analysis rules
Block Download - Offensive Content (disabled) Scans web pages for offensive content, blocking matching pages. NOTE: This rule provides up-front blocking of offensive content. This rule is very restrictive and should be used with caution.
When a web request is received for download For any users And where addressed to any URL Except where the URL is a member of [All URL Categories] And where the content matches any of Offensive Language
Block the file and display FileBlockedTextCensorOff page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
[Restricted User Policy] When a web request is received Where the user is a member of Restricted Users And where addressed to any URL
Process rules in this container
Block File - Encrypted Archives Block Encrypted Archives.
When a web request is received For any users And where addressed to any URL And where the file type is SEA, SEAEncrypt, ARJsfxcrypt, RARsfxcrypt, ZIPsfxcrypt, SITEncrypt, ARJcrypt, RARcrypt, ZIPcrypt
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 42
Block File - Executables (inc. archived Executables) Block Executable files, even if contained within an archive file (such as Zip or RAR)
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type EXECUTABLE
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Multimedia (inc. archived Multimedia) Block Multimedia files, even if contained within an archive file (such as Zip or RAR).
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type SOUND, AVI, MOV, MPG, DVM, FLI, FLC, FLV, OGV
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Encrypted Files Block encrypted files.
When a web request is received For any users And where addressed to any URL And where the file is or contains a file of type ENCRYPTED
Block the file and display FileBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block File - Unpacking Error Block downloads where WebMarshal is unable to unpack file for analysis. Unpacking errors are typically associated with file corruption issues.
When a web request is received For any users And where addressed to any URL And where an error occurs while unpacking
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Offensive Text Content Prevents users from uploading offensive text (typically to a web mail site or forum).
When a web request is received for upload For any users And where addressed to any URL And where the content matches any of Pornographic, Offensive Language, Racist & Hate
Block the file and display UploadBlockedTextCensor page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Forum Posting Prevents Users from uploading data on Discussion and Forum sites.
When a web request is received for upload For any users And where the URL is a member of Blogs, Personal Pages & Forums
Technical Reference: WebMarshal Default Rules (6.8.1) Page 43
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - WebMail Prevents Users from uploading data on Web Mail sites.
When a web request is received for upload For any users And where the URL is a member of Web Mail And where the transferred data size is Greater than 1 KB
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Job Site Posting Prevents users from uploading data on Jobs Search sites (e.g. Monster.com).
When a web request is received for upload For any users And where the URL is a member of Job Search And where the transferred data size is Greater than 1 KB
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Confidential Content This rule scans content which is being uploaded for keywords indicating potential data leakage. NOTE: This includes any online forms such as Web Mail, Forums and Personal Pages as these uploads are handled as TEXT.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT, TEXT, FORMTXT And where the content matches all of Confidential Data Leakage
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - All Documents This rule blocks all uploads of typical documents (Word, Excel, PDF etc.). NOTE: This rule is quite restrictive and should be applied with care.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Upload - Suspected Resumes This rule scans uploaded documents for keywords associated with resumes and CVs.
When a web request is received for upload For any users And where addressed to any URL And where the file type is DOCUMENT, TEXT And where the content matches all of Resumes and CVs
Block the file and display UploadBlocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Technical Reference: WebMarshal Default Rules (6.8.1) Page 44
Block Download - Adult & Nudity Content Scans web pages for Adult & Nudity type content and blocks any matching pages.
When a web request is received for download For any users And where addressed to any URL And where the content matches any of Pornographic, Age Verification
Block the file and display FileBlockedTextCensorOff page Or abort the download of this file and display FileAborted page And classify the file as Adult & Nudity And do not process any further content analysis rules
Block Download - Browser Hijack (disabled) Scans for commands which may alter your browser settings and adds matching pages to the 'Harmful & Stealth' category.
When a web request is received for download For any users And where addressed to any URL Except where the URL is a member of [All URL Categories] And where the content matches all of Browser Hijack
Block the file and display FileBlockedTextCensor page Or abort the download of this file and display FileAborted page And add the URL to the category Security Threats And classify the domain as Harmful & Stealth And do not process any further content analysis rules
Block Download - Adult & Nudity Mail Content Scans for pornographic content in Web Mail. Access is blocked if such content is found, but WebMarshal does not add the site to the 'Adult & Nudity' category.
When a web request is received for download For any users And where the URL is a member of Web Mail And where the content matches all of Pornographic
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Block Download - Cached Search Results Detects attempts to bypass WebMarshal filtering using search engine cache services. Access is allowed after a warning is given.
When a web request is received for download For any users And where addressed to any URL And where the content matches all of Cached Search Engine Results
Block the file and display Blocked page Or abort the download of this file and display FileAborted page And classify the domain as Anonymizer And do not process any further content analysis rules
Block Download - Offensive Content Scans web pages for offensive content, blocking matching pages. NOTE: This rule provides up-front blocking of offensive content. This rule is very restrictive and should be used with caution.
When a web request is received for download For any users And where addressed to any URL Except where the URL is a member of [All URL Categories] And where the content matches any of Offensive Language
Technical Reference: WebMarshal Default Rules (6.8.1) Page 45
Block the file and display FileBlockedTextCensorOff page Or abort the download of this file and display FileAborted page And do not process any further content analysis rules
Permit - All other traffic Permit remaining traffic not previously blocked or permitted by preceding rules.
When a web request is received For any users And where addressed to any URL
Permit access And do not process any further content analysis rules
© Copyright 2010 M86 Security. All rights reserved. M86 Security is a registered trademark of M86 Security. All other product and company names mentioned herein are trademarks or registered trademarks of their respective companies.
ABOUT M86 SECURITY M86 Security is a global provider of Web and messaging security products, delivering comprehensive protection to more than 20,000 customers and over 16 million users worldwide. As one of the largest independent internet security companies, we have the expertise, product breadth and technology to protect organizations from both current and emerging threats. Our appliance, software and cloud-based solutions leverage real-time threat data to proactively secure customers’ networks from malware and spam; protect their sensitive information; and maintain employee productivity. The company is based in Orange, California with international headquarters in London and offices worldwide. For more information about M86 Security, please visit www.m86security.com.
TRY BEFORE YOU BUY M86 Security offers free product trials and evaluations. Simply contact us or visit www.m86security.com/downloads
Corporate Headquarters 828 West Taft Avenue Orange, CA 92865 United States
Phone: +1 (714) 282-6111 Fax: +1 (714) 282-6116
International Headquarters Renaissance 2200 Basing View, Basingstoke Hampshire RG21 4EQ United Kingdom Phone: +44 (0) 1256 848080 Fax: +44 (0) 1256 848060
Asia-Pacific Millennium Centre, Bldg C, Level 1 600 Great South Road Ellerslie, Auckland, 1051 New Zealand Phone: +64 (0) 9 984 5700 Fax: +64 (0) 9 984 5720 Version 10.19.10