Writing a Web Access Resource Policy

Web access resource policies control which Web resources users can access in order to connect to the Internet, intranet, or extranet. You can deny or allow access to Web resources by URL or IP range. For URLs, you can use the "*" and "?" wildcards to efficiently specify multiple hostnames and paths. For resources that you specify by hostname, you can also choose either HTTP, HTTPS, or both protocols.

To write a Web Access resource policy:

1.In the admin console, choose Users > Resource Policies > Web > Web ACL.

2.On the Web Access Policies page, click New Policy.

3.On the New Policy page, enter a name to label this policy and optionally a description.

4.In the Resources section, specify the resources to which this policy applies.

5.In the Roles section, specify:

•Policy applies to ALL roles - To apply this policy to all users.

•Policy applies to SELECTED roles - To apply this policy only to users who are mapped to roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

•Policy applies to all roles OTHER THAN those selected below - To apply this policy to all users except for those who map to the roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.

6.In the Action section, specify:

•Allow access - To grant access to the resources specified in the Resources list.

•Deny access - To deny access to the resources specified in the Resources list.

•Use Detailed Rules - To specify one or more detailed rules for this policy.

7.Click Save Changes.

8.On the Web Access Policies page, order the policies according to how you want to evaluate them. Keep in mind that once the system matches the resource requested by the user to a resource in a policy's (or a detailed rule's) Resource list, it performs the specified action and stops processing policies.