About WebBlocker Exceptions
WebBlocker could deny a website that is necessary for your business. To override WebBlocker, you define a website that it usually denies as an exception, so that users can get access to it. For example, suppose employees in your company frequently use websites that contain medical information. Some of these websites are forbidden by WebBlocker because they fall into the sex education category. To override WebBlocker, you specify the website domain name. You can also deny sites that WebBlocker usually allows.
WebBlocker exceptions apply only to HTTP and HTTPS traffic. If you deny a site with WebBlocker, the site is not automatically added to the Blocked Sites list.
To add WebBlocker exceptions, see Add WebBlocker Exceptions.
Define the Action for Sites that do not Match Exceptions
In the Use category list section below the list of exception rules, you can configure the action to occur if the URL does not match the exceptions you configure. By default the Use the WebBlocker category list to determine accessibility radio button is selected, and WebBlocker compares sites against the categories you selected on the Categories tab to determine accessibility.
To use exception rules to restrict website access instead of the categories, select Deny website access.
Alarm
Select to send an alarm when the Firebox denies a WebBlocker exception. To set parameters for the alarms, select the Alarm tab. For information on the Alarm tab options, see Set Logging and Notification Preferences.
Log this action
Select to send a message to the log file when the Firebox denies a WebBlocker exception.
Many websites include references to content located at other sites, or use a content delivery network (CDN) to host content. Users might not see a deny message in the web browser when WebBlocker denies access to referenced content. If you select the Deny website access option, select the Log this action check box so that you can see log messages about denied URLs in Traffic Monitor. If users report problems with missing content on an allowed website, you can look at the log messages to see if you need to add another exception to allow the referenced content.
Components of Exception Rules
Exception rules are based on IP addresses or a pattern based on IP addresses. You can have the Firebox block or allow a URL with an exact match. Usually, it is more convenient to have the Firebox look for URL patterns. The URL patterns do not include the leading "http://". To match a URL path on all websites, the pattern must have a trailing “/*”.
The host in the URL can be the host name specified in the HTTP request, or the IP address of the server.
Network addresses are not supported; however, you can use subnets in a pattern (for example, 10.0.0.*).
For servers on port 80, do not include the port. For servers on ports other than 80, add “:port”, for example: 10.0.0.1:8080. You can also use a wildcard for the port (for example, 10.0.0.1:*), but this does not apply to port 80.
Exceptions with Part of a URL
You can create WebBlocker exceptions that use any part of a URL. You can set a port number, path name, or string that must be blocked for a specific website. For example, if it is necessary to block only www.sharedspace.com/~dave because it has inappropriate photographs, you type “www.sharedspace.com/~dave/*”. This gives the users the ability to browse to www.sharedspace.com/~julia, which could contain content you want your users to see.
To block URLs that contain the word “sex” in the path, you can type “*/*sex*”. To block URLs that contain “sex” in the path or the host name, type “*sex*”.
You can block ports in a URL. For example, look at the URL http://www.hackerz.com/warez/index.html:8080. This URL has the browser use the HTTP protocol on TCP port 8080 instead of the default method that uses TCP 80. You can block the port by matching *8080.
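Before you deploy broad wildcard patterns such as “*sex*”, it helps to check them against a sample of URLs your users actually need. The following added example (not WatchGuard code, and not how the Firebox is implemented) models the pattern rules described above. It assumes that “*” matches any run of characters, that the pattern must match the whole host[:port]/path string, and that matching is case-insensitive. The function names and the .example URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def normalize(url):
    """Reduce a URL to the host[:port]/path form the exception patterns use."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    # Per the page: no scheme in the pattern, and no port for servers on port 80.
    port = "" if parts.port in (None, 80) else f":{parts.port}"
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return f"{parts.hostname or ''}{port}{path}"

def matches(pattern, url):
    """Assumed semantics: '*' is any run of characters, whole-string, case-insensitive."""
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, normalize(url), re.IGNORECASE | re.DOTALL) is not None

def audit(patterns, urls):
    """Map each pattern to the sample URLs it would catch, to spot over-matching."""
    return {p: [u for u in urls if matches(p, u)] for p in patterns}

# Patterns are taken from the page; the .example URLs are constructed samples.
PATTERNS = ["www.sharedspace.com/~dave/*", "*/*sex*", "*sex*", "*8080", "10.0.0.1:*"]
SAMPLE_URLS = [
    "http://www.sharedspace.com/~dave/photos.html",
    "http://www.sharedspace.com/~julia/index.html",
    "http://clinic.example/health/sex-education.html",
    "http://www.essex.example/index.html",   # unrelated site, "sex" inside host name
    "http://www.hackerz.com/warez/index.html:8080",
    "http://10.0.0.1:8080/status",
    "http://10.0.0.1/status",                # port 80, so no port in the match string
]

if __name__ == "__main__":
    for pattern, hits in audit(PATTERNS, SAMPLE_URLS).items():
        print(f"{pattern!r:32} -> {hits}")
```

In this model, “*sex*” also catches the unrelated www.essex.example host, while “*/*sex*” does not, which is the kind of over-blocking to look for before you save a pattern.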