
Block ALL sites except for white-list of sites

Hi All

 

We are using Web Gateway for users. Is there an easy way to block all internet access except for a designated list of sites or URLs that users can access?

 

I have had a quick trawl through these forum posts but not seen a resolution for this.

 

Thank you



  • there are several ways to accomplish this.

    by default everyone that has not authenticated should be blocked.. see https://community.sophos.com/kb/en-us/126599

     

    If you do not use auth and have your default policy set to block everything (not recommended) .. or just want to specifically pick and choose some sites

     

    create a local site list entry

    select "add multiple sites"

    enter in all of the sites 1 per line

    change the category to "custom"

     

    then in your default policy allow the custom category.  by default there is nothing in there so they will have access to any site you move into it.

    you could also allow it by default or include the globally allowed flag to ensure any user can get to it. 

     

    the other way to do it is to create 2 local site list entries.

    include all of the users (via the drop down, pick users) 

    skip everything up to the "tags" tab

    configure the tag to allow

    next

    ensure you click of apply from machines connecting anywhere, name it save it.

     

    once the allow tag is done, create the local site list entries as above... except from the "tags" drop down, select your allow tag you just made.

    this will apply the "allow" tag to all of the sites and create the entries in 1 swoop

     

    note:

    I generally make an allow tag and a block tag.. this is highly useful to police sites at a granular level.  

     

    for example in a school

    let's say you have an ad group for teachers and one for students.  

    if you create an allow tag and include the teachers ad group, name it and save it

    and another tag for students with a deny, name it and save it

     

    you can then create a single site list entry such as facebook.com .. your default policy may block it.. but you could then apply the teachers allow tag to the lsl entry.. presto.. facebook is blocked for everyone except the teachers allow tag overwrites the block for anyone in the ad group teachers.

     

    in the policy order.. tags are meant to "override" a block... they are very useful if you wish to allow one site and block an entire category.  you can also apply time based policy to a tag.. so for example you could allow students facebook access at lunch .. while blocking the entire personnel and dating category all the time. 

     

    have fun!
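
The precedence described in the reply above (default policy blocks, the "custom" category is allowed, a tag on a site list entry overrides the category decision, optionally only inside a time window) can be written down as a small decision model for building a test matrix before rollout. This is an added example, not part of the original thread and not the product's policy engine. The names `Tag`, `SiteEntry` and `decide`, exact-hostname matching, "block tag beats allow tag", and the sample site list are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Tag:
    action: str                  # "allow" or "block"
    groups: frozenset            # directory groups the tag applies to
    start: time = time.min       # optional time window (defaults to all day)
    end: time = time.max

    def matches(self, user_groups, now):
        return bool(self.groups & user_groups) and self.start <= now <= self.end

@dataclass(frozen=True)
class SiteEntry:
    category: str                # category assigned in the local site list
    tags: tuple = ()

def decide(host, user_groups, now, site_list, allowed_categories):
    """Return "allow" or "block" for one request under the modelled policy."""
    entry = site_list.get(host.lower().rstrip("."))   # assumption: exact host match
    if entry is None:
        return "block"           # not in the list: default policy blocks it
    actions = {t.action for t in entry.tags if t.matches(user_groups, now)}
    if "block" in actions:       # assumption: a block tag beats an allow tag
        return "block"
    if "allow" in actions:
        return "allow"           # tag overrides the category decision
    return "allow" if entry.category in allowed_categories else "block"

# Constructed sample policy mirroring the school example in the reply.
ALLOWED_CATEGORIES = {"custom"}
SITE_LIST = {
    "intranet.example.com": SiteEntry("custom"),
    "facebook.com": SiteEntry("social networking", (
        Tag("allow", frozenset({"teachers"})),
        Tag("allow", frozenset({"students"}), time(12, 0), time(13, 0)),
    )),
}

if __name__ == "__main__":
    for host, groups, now in [
        ("intranet.example.com", {"students"}, time(9, 0)),
        ("facebook.com", {"teachers"}, time(9, 0)),
        ("facebook.com", {"students"}, time(9, 0)),
        ("facebook.com", {"students"}, time(12, 30)),
        ("news.example.org", {"teachers"}, time(9, 0)),
    ]:
        verdict = decide(host, groups, now, SITE_LIST, ALLOWED_CATEGORIES)
        print(f"{host:22} {sorted(groups)} {now} -> {verdict}")
```

Comparing the model's verdicts with what the gateway actually does for the same test users shows quickly whether a tag or category was attached to the wrong entry.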