Import or Export WebBlocker Exception Rules
If you manage several Fireboxes or use WebBlocker with more than one proxy definition, you can import and export exception rules between them. This saves time because you must define the rules only once.
You can transfer exception rules between proxies or Fireboxes in two ways. You can write an ASCII file that defines the rules and import it to other Fireboxes or proxies. Or, you can use the WebBlocker user interface to define the exception rules, export the file to an ASCII file, and import that file into another device configuration file or proxy definition.
Write Rulesets in an ASCII File
You can write rules in a normal ASCII file that uses the standard UTF-8 character set.
You must include only one rule per line. The syntax for rules is:
[rule_name, action,enabled|disabled, log|no log, match_type,] pattern_value
rule_name is the name of the rule as it appears in the exception list. The default is WB Rule n.
action = Allow or Deny. The default action is Allow.
enabled|disabled = Whether the rule is currently enabled or disabled. The default is enabled.
log|no log = Specifies whether you want a log message when the action is taken. The default is no log.
match_type = Specifies the type of match: exact match, regular expression or pattern match. The default is pattern match.
value = value to be matched.
The fields enclosed in brackets are optional. If you omit them, the default values are used.
To add comments to a file, precede the comment with a number sign (#). Make sure the comment is on its own line.
Below is an example exceptions file.
# Here are five exception rules
AllowFB, allow, enabled, No Log,*.firebox.net/* deny, disabled, Log, very.badsite.com/* ExceptionRule1,*.goodsite.com/" exact match, 10.0.0.1
The next section, “Import an ASCII exceptions file”, shows how the above file would look if imported into WebBlocker.
Import an ASCII Exceptions File
- From the Exceptions tab of the WebBlocker Configuration dialog box, click Import.
- Find the ASCII file and click Open.
- If exceptions are already defined in WebBlocker, you are asked whether you want to replace the existing rules or append the imported rules to the list of existing rules. Click Replace or Append.
If you click Append, the imported rules appear in the Exceptions block beneath any existing rules. If you want to change the order of the exception rules, see Change the Order of WebBlocker Exception Rules.
If you import the example file in the previous section into WebBlocker, it appears like this:
Export Rules to an ASCII File
When you export exception rules from a proxy definition, the Firebox saves the current rules to an ASCII text file in the format described above.
- From the Exceptions tab of the WebBlocker Configuration dialog box, define exceptions as described in Add WebBlocker Exceptions.
- Click Export.
- In the Open dialog box, select where you want to save the exceptions file and click Save.
You can now open another HTTP proxy definition in the same or in a different Firebox configuration file and import the exceptions file.