Configure Website Security

• On the Settings tab you may set the feature in learning mode. In Learning mode all rules are applied, but websites are not blocked, only logged.
• You can switch between a Basic and Advanced view on the Settings tab by clicking the Basic Settings / Advanced Settings button. The Basic view presents the most commonly used options, while the Advanced view offers the possibility to secure additional browser processes and logging exclusions, but also allows you to run Website Security in legacy mode instead.
• Additional browsers can be secured by specifying their process names at Additional processes (Advanced setting).
• On the same tab, you can configure the logging of security events:
  • Log security events - Enable this option if log entries should be created when Website Security events occur.
    • Click Message to configure security notifications that will be shown if a Website Security event occurs. The security notifications are only shown for http:// events.
    • Log security events once - This option only applies to Whitelisting (Security method). When this option is not enabled, please take into account that this will cause a lot of extra log entries.
  • With the option Notify user about security events enabled, in user sessions, to users trying to browse to a blocked website, a notification is displayed (bottom right corner) informing him about the blocked site.
  • Log all visited websites - When enabling this option, all visited whitelisted/allowed websites will have the value ALLOW in the Action column on the Log tab, and blacklisted/denied websites the value BLOCK.
    Please note that enabling this option may produce quite some extra logging in the Datastore.
  • Specify Logging exclusions (Advanced setting) to prevent excessive logging. For instance, for white- or blacklisted websites that contain pictures, separate log entries for these pictures might not be desirable. By default, the following extensions are specified as logging exclusions: ICO, JS, CSS, GIF, JPG, PNG and JPEG. This list can be changed.
• Select the Advanced setting Use legacy mode regardless of operating system, to only enable Website Security for Microsoft Internet Explorer 8.
  To enable Website Security for Microsoft Edge, Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, and Opera and any additional processes you specify, do not select Use legacy mode regardless of operating system.
  • The options for Redirected websites, i.e. websites containing iFrames that load a redirected URL in the background, are only applicable for Microsoft Internet Explorer 8 on Operating Systems on which the legacy mode is applied. For Operating Systems for which browser independent website security is enabled, redirected websites are treated like any other, not redirected website.
    • Log security events - Enable this option if log entries should be created for redirected websites that are accessed as a result of iFrames.
    • Notify user with message box - Enable this option to show messages to end users when they are being redirected to another website as a result of iFrames.
• On the Websites tab you may enter allow or deny rules for websites, depending on the method used (configured on the Settings tab).
• Choose the protocol to block (http/https/ftp/all).
• Enter the website to be blocked. Rules may contain an asterisk (*). The asterisks are regarded as wildcards. If an IP address is entered as URL, WebGuard will try to resolve the IP address and the resulting URL will be checked. If you enter a Rule with http://, https:// or ftp://, this prefix will automatically be selected as protocol. If you do not enter a prefix, this must be selected manually. By default this is http://. Sub sites (such as www.res.com/solutions) are supported.
• The default for blacklisting is Allow. Entering only Allow rules therefore, has no effect. Allow rules are exceptions to the Deny rules. A URL is first checked against the Deny rules. If the URL passes this check, i.e. there is no Deny rule for this URL, the web page will be displayed. When a URL has a Deny rule hit, the URL will be checked against the Allow rules. If the URL does match an Allow rule the web page will be displayed despite the matching Deny rule. The Allow rules are used as exceptions to the Deny rules and can be used for fine tuning Websites Security.
• The default for whitelisting is Deny. Entering only Deny rules, therefore, has no effect. Deny rules are exceptions to the Allow rules. A URL is first checked against the Allow rules. If the URL does pass this check, i.e. there is an Allow rule matching the URL, the URL will then be checked against the Deny rules. If the URL has a Deny rule match, the web page will not be shown, despite the matching Allow rule. The Deny rules are used as exceptions to the Allow rules and can be used for fine tuning Websites Security.
• If a Deny rule is configured, you may set a specific Learning mode for that rule:
  • Default learning mode - Use the mode that is selected on the Settings tab.
  • Yes - Always run this rule in Learning mode (indifferent of the setting on the Settings tab).
  • No - Never run this rule in Learning mode (indifferent of the setting on the Settings tab).
• You can configure exceptions to Websites Security, to give specific users on specific locations specific permissions.
• If necessary, you can authorize websites that caused a security event on the Log tab.
• On the Log tab, it is possible to export the log entries to a CSV file.
• You can override the global settings of this feature for specific Workspace Containers.