You can also control access to web content using a URL or domain name. In today’s web milieu, this is not an effective solution because the elements of a web site are served from multiple URLs or domains. Blocking specific URLs is effective only when you know that the content is always served from a specific domain or URL.
To allow reasonable access to Web content, you need to create policy that combines categories, applications and operation controls. This means that you can allow access to certain applications within a category while blocking the category itself, or restrict selected operations across all applications.
The pre-requisites for enabling web and mobile application control at BlueCoat device is as follows:
- Proxy Edition license (not a MACH5 license)
- The Blue Coat WebFilter feature must be enabled. (Configuration > Content Filtering > General)
- A current BCWF database must be downloaded to the ProxySG. (Configuration > Content Filtering > Blue Coat WebFilter)
- The ProxySG must have one or more Web services, such as External HTTP and HTTPS, set to intercept. Bypassed Web traffic is not classified into applications.
When you block by operation, unlike blocking by application, you prevent users in your network from performing the specified operation for all applications that support that operation. They can however, access the application itself.
Note, however, that the Request URL operation object only pertains to operations for sites that BCWF recognizes as Web applications. So, blocking picture uploads would not prevent users in your network from using FTP to upload a JPEG file to an FTP server, or from using an HTTP POST to upload a picture on a Web site running bulletin board software.
The following application and operation control objects allow you to match against the URL in an HTTP or HTTPS request that the ProxySG appliance receives from clients in the network and create policy to allow or restrict access to the requested action or content:
1. Request URL Application:
The Request URL Application object gives you the ability to block popular Web applications such as Facebook, Linkedin, or Pandora. As new applications emerge or existing applications evolve, BCWF tracks the domains that these Web applications use to serve content, and provides periodic updates to include the new domains that are added. You can use the Request URL Application object to block an application and all the associated domains automatically.
2. Request URL Operation:
The Request URL Operation object restricts the actions a user can perform on a Web application. For instance, when you select the Upload Picture action for the Request URL Operation, you create a single rule that blocks the action of uploading pictures to any of the applications or services where the action can be performed such as Flickr, Picasa, or Smugmug.
Reference:
1. How do I control Web 2.0 and Mobile applications in my network?
https://kb.bluecoat.com/index?page=content&id=KB4784&actp=RSS
https://kb.bluecoat.com/index?page=content&id=KB4784&actp=RSS
No comments:
Post a Comment