McAfee MSA09EMB1RAA Product Guide - Page 26

Configuring Policies Use Authorize and Prohibit lists for sites Domain component: .acme.com Path component: /downloads disregards the protocol and introductory characters. For example, even though there is no dot before acme in http://acme.com, this pattern assumes www. and is thus a match. You can also add port numbers after the domain (:8443, for example) as part of the site pattern to restrict access to a particular port, preventing or allowing access through the port depending on whether the site pattern is on a prohibit or authorize list. If no port number is given, all ports are matched. Site patterns must be at last six characters in length, and they do not accept wildcard characters. SiteAdvisor Enterprise Plus does not check for matches in the middle or end of URLs. More examples: Site pattern Result http://www.site.com/news The domain is http://www.site.com and the path is /news. The URL string that matches this pattern must have a domain that ends with http://www.site.com and a path that begins with /news. Matches: • http://www.site.com/news/index.asp • http://www.site.com:8443/news/pages/logo.gif Does not match: • https://www.site.com/news/index.asp • http://info.site.com:8443/news/pages/logo.gif .acme.com:9090/downloads The domain is .acme.com:9090 and the path is /downloads. The URL string that matches this pattern must have a domain that ends with .acme.com:9090 and a path that begins with /downloads. Matches: • http://www.acme.com:9090/downloads • http://acme.com:9090/downloads • https://news.acme.com:9090/downloads Does not match: • http://www.myacme.com:9090/downloads • http://acme.com/downloads • https://news.acme.net:9090/downloads How multiple-instance policies work Authorize List and Prohibit List policies are called multiple-instance policies because you can assign multiple instances of an Authorize list or a Prohibit list under a single policy. The policy instances are automatically combined into one effective policy. Multiple-instance policies obey the ePolicy Orchestrator laws of inheritance within a System Tree (see Organizing Systems for Management and Managing Products with Policies and Client Tasks in the ePolicy Orchestrator Product Guide). As an example, say that you configure one Authorize List policy for Group A, another for Group B, and another for Group C. If Group A contains Group B, and Group B contains Group C, then Group C's Authorize List policy would be an effective policy incorporating elements from all three Authorize List policies. The Authorize list for Group C might contain all the sites listed for Group A and Group B, plus additional sites specific to Group C. By using an effective policy, there is no need to re-enter all the sites from Group A and Group B into the Authorize list for Group C. 26 McAfee SiteAdvisor Enterprise Plus 3.0 Product Guide