McAfee MSA09EMB1RAA Product Guide - Page 25

Configuring Policies Use Authorize and Prohibit lists for sites If a managed system uses a policy that contains an Authorize list, the system can access sites on that list even when they are blocked or warned (by a Rating Actions policy) due to their safety rating. If a Rating Actions policy blocks red sites but a red site is added to the Authorize list, that site can be accessed. Therefore, it is important to exercise caution when adding sites to an Authorize list. You can also specify actions for resources within authorized sites, such as file downloads and phishing pages. For example, if you evaluate a yellow site and determine that your users are not vulnerable to potential threats on the site, you can add the site to an Authorize list. If the site contains a phishing page or a red download file, you can authorize access to the site but block access to the phishing page and download file. This ensures that sites important to your business are accessible, but that your users are protected from potential threats on those sites. The Authorize List and Prohibit List policy categories are multiple-instance policies. See How multiple-instance policies work for more information. By default, if the same site appears on an Authorize list and a Prohibit list, the Prohibit list takes precedence and the site is blocked. You can configure a policy option to give an Authorize list priority instead. NOTE: The Authorize List or Prohibit List policy settings override those in the Content Actions policy if this policy is available. How site patterns work Authorize lists and Prohibit lists use site patterns to specify a range of sites affected by enforcement rules. This enables you to apply enforcement rules to particular domains or to a range of similar sites without entering each URL separately. When a managed system attempts to navigate to a site, SiteAdvisor Enterprise Plus checks whether the URL matches any site patterns configured in an Authorize List or Prohibit List policy. It uses specific criteria to determine a match. A site pattern consists of a URL or partial URL, which SiteAdvisor Enterprise Plus interprets a site pattern as two distinct components: domain with protocol information (for example, http://, https://, or ftp://) and path. Site pattern example: .acme.com/downloads: Domain component: .acme.com Path component: /downloads Domain information is matched from the end. A matching URL's domain must end with the site pattern's domain. The protocol can vary. These strings match the domain component of the site pattern: • http://www.acme.com • http://www.info.acme.com • http://acme.com These strings do not match the domain component of the site pattern: • http:// www.myacme.com • http://www.info.acme.net Path information is matched from the beginning. A matching URL's path must begin with the site pattern's path, which includes everything that follows the "/" after the domain. These strings match the path component of the site pattern: • /downloads/news • /downloads/applications/setup.exe • /downloads/index.asp These strings do not match the path component of the site pattern: • /download/news • /user/downloads/applications/setup.exe • http://acme.com.tk NOTE: Use the "." character at the beginning of any site pattern to match a specific domain. This character McAfee SiteAdvisor Enterprise Plus 3.0 Product Guide 25