advertisement
Refine Web Security Policies
Using regular expressions
Web Security Help | Web Security Solutions | Version 7.8.x
A regular expression is a template or pattern used to match multiple strings, or groups of characters. You can use regular expressions in limited access filters, or to define custom URLs or keywords. Filtering Service then tries to match the general pattern, rather than a specific, single URL or keyword.
Consider this simple regular expression: domain.(com|org|net)
This expression pattern matches the URLs:
domain.com
domain.org
domain.net
Use regular expressions with care. They provide a powerful tool, but they need to be constructed well. Poorly constructed regular expressions can result in excessive overhead, over-blocking, or under-blocking. Using regular expressions as policy enforcement criteria may increase CPU usage.
As with keywords, when non-ASCII characters appear in a regular expression, the expression is matched against only the path and query strings in a URL, and not the domain (“www.domain.com/path?query”).
Websense software supports most Perl regular expression syntax, with 2 exceptions.
The unsupported syntax is unlikely to be useful for matching strings that could be found in a URL.
Unsupported regular expression syntax includes:
(?{code})
??{code})
For further help with regular expressions, see: en.wikipedia.org/wiki/Regular_expression www.regular-expressions.info/
Using the Toolbox to verify policy enforcement behavior
Web Security Help | Web Security Solutions | Version 7.8.x
The right shortcut pane in the Web Security manager includes a Toolbox that allows you to perform quick checks of your policy setup.
Click a tool name to access the tool. Click the name again to see the list of tools. For more information about using a tool, see:
296
Websense Web Security Solutions
Refine Web Security Policies
You can also click Support Portal to access the Websense Technical Support website in a new browser tab or window. From the Support Portal, you can search the knowledge base to find articles, tips, tutorials, videos, and product documentation.
URL Category
Web Security Help | Web Security Solutions | Version 7.8.x
To find out how a site is currently categorized:
1.
Click URL Category in the Toolbox.
2.
Enter a URL or IP address.
3.
Click Go.
The site’s current category is displayed in a popup window. If your organization has recategorized the URL, the new category is shown.
The site’s categorization may depend on which version of the Master Database
(including real-time updates) you are using.
Check Policy
Web Security Help | Web Security Solutions | Version 7.8.x
Use this tool to determine which policies apply to a specific client. The results are specific to the current day and time.
1.
Click Check Policy in the Toolbox.
2.
To identify a directory or computer client, enter either:
A fully qualified user name
To browse or search the directory to identify the user, click Find User (see
Identifying a user to check policy or test filtering
).
An IP address
3.
Click Go.
The name of one or more policies is displayed in a popup window. Multiple policies are displayed only when no policy has been assigned to the user, but policies have been assigned to multiple groups, domains, or organizational units to which the user belongs.
Even if multiple policies are shown, only one policy is enforced for a user at any given
).
Web Security Help
297
Refine Web Security Policies
Test Filtering
Web Security Help | Web Security Solutions | Version 7.8.x
To find out what happens when a specific client requests a particular site:
1.
Click Test Filtering in the Toolbox.
2.
To identify a directory or computer client, enter either:
A fully qualified user name
To browse or search the directory to identify the user, click Find User (see
Identifying a user to check policy or test filtering
).
An IP address
3.
Enter the URL or IP address of the site you want to check.
4.
Click Go.
The site category, the action applied to the category, and the reason for the action are displayed in a popup window.
URL Access
Web Security Help | Web Security Solutions | Version 7.8.x
To see whether users have attempted to access a site in the past 2 weeks, including today:
1.
Click URL Access in the Toolbox.
2.
Enter all or part of the URL or IP address of the site you want to check.
3.
Click Go.
An investigative report shows whether the site has been accessed, and if so, when.
You might use this tool after receiving a security alert to find out if your organization has been exposed to phishing or virus-infected sites.
Investigate User
Web Security Help | Web Security Solutions | Version 7.8.x
To review a client’s Internet usage history for the last 2 weeks, excluding today:
1.
Click Investigate User in the Toolbox.
2.
Enter all or part of a user name (if user identification has been configured) or IP address (for machines on which users are not identified).
The IP address search shows only results for which no user name has been logged.
3.
Click Go.
An investigative report shows the client’s usage history.
298
Websense Web Security Solutions
Refine Web Security Policies
Identifying a user to check policy or test filtering
Web Security Help | Web Security Solutions | Version 7.8.x
Use the Find User page to identify a user (directory) client for the Check Policy or
Test Filtering tool.
The page opens with the User option selected. Expand the Directory Entries folder to browse the directory, or click Search. The search feature is available only if you are using an LDAP-based directory service.
To search the directory to find a user:
1.
Enter all or part of the user Name.
2.
Expand the Directory Entries tree and browse to identify a search context.
You must click a folder (DC, OU, or CN) in the tree to specify the context. This populates the field below the tree.
3.
Click Search. Entries matching your search term are listed under Search Results.
4.
Click a user name to select a user, or click Search Again to enter a new search term or context.
To return to browsing the directory, click Cancel Search.
5.
When the correct fully qualified user name appears in the User field, click Go.
If you are using the Test Filtering tool, make sure that a URL or IP address appears in the URL field before you click Go.
To identify a computer client instead of a user, click IP address.
Web Security Help
299
Refine Web Security Policies
300
Websense Web Security Solutions
14
User Identification
Web Security Help | Web Security Solutions | Version 7.8.x
To apply policies to users and groups, Websense software must be able to identify the user making a request, given the originating IP address. Various identification methods are available:
An integration device or application identifies and authenticates users, and then passes user information to Websense software. For more information, see the
Deployment and Installation Center .
A Websense transparent identification agent works in the background to
communicate with a directory service and identify users (see
Websense software prompts users for their network credentials, requiring them to
log on when they open a Web browser (see
).
In Websense Web Security Gateway Anywhere environments, the hybrid service must likewise be able to identify users to apply user and group based policies. It does not use information provided by User Service or transparent identification agents. Instead, the following methods are available:
A component called Websense Directory Agent collects the information used to identify users (see
Identification of hybrid users
).
Websense Web Endpoint is installed on client machines to provide transparent authentication, enforce use of the hybrid service, and pass authentication details to the hybrid service.
Single sign-on, available beginning with 7.8.4, provides authentication using an identity provider that communicates with your directory service.
For 7.8.4, Ping Federate is the only supported identity provider.
Web Security Help
301
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project