If a managed system uses a policy that contains an Authorize list, the system can access sites
on that list even when they are blocked or warned (by a Rating Actions policy) due to their
safety rating. If a Rating Actions policy blocks red sites but a red site is added to the Authorize
list, that site can be accessed. Therefore, it is important to exercise caution when adding sites
to an Authorize list.
You can also specify actions for resources within authorized sites, such as file downloads and
phishing pages. For example, if you evaluate a yellow site and determine that your users are
not vulnerable to potential threats on the site, you can add the site to an Authorize list. If the
site contains a phishing page or a red download file, you can authorize access to the site but
block access to the phishing page and download file. This ensures that sites important to your
business are accessible, but that your users are protected from potential threats on those sites.
The Authorize List and Prohibit List policy categories are multiple-instance policies. See How
multiple-instance policies work for more information.
By default, if the same site appears on an Authorize list and a Prohibit list, the Prohibit list takes
precedence and the site is blocked. You can configure a policy option to give an Authorize list
priority instead.
NOTE:
The Authorize List or Prohibit List policy settings override those in the Content Actions
policy if this policy is available.
How site patterns work
Authorize lists and Prohibit lists use site patterns to specify a range of sites affected by
enforcement rules. This enables you to apply enforcement rules to particular domains or to a
range of similar sites without entering each URL separately.
When a managed system attempts to navigate to a site, SiteAdvisor Enterprise Plus checks
whether the URL matches any site patterns configured in an Authorize List or Prohibit List policy.
It uses specific criteria to determine a match.
A site pattern consists of a URL or partial URL, which SiteAdvisor Enterprise Plus interprets
as two distinct components: domain with protocol information (for example, http://,
https://, or ftp://) and path.
Site pattern example: .acme.com/downloads
Domain component: .acme.com
Domain information is matched from the end. A matching URL’s domain must end with the site
pattern’s domain. The protocol can vary.
These strings match the domain component of the site pattern:
• http://www.acme.com
• http://www.info.acme.com
• http://acme.com
These strings do not match the domain component of the site pattern:
• http://www.myacme.com
• http://www.info.acme.net
• http://acme.com.tk
Path component: /downloads
Path information is matched from the beginning. A matching URL’s path must begin with the site
pattern’s path, which includes everything that follows the "/" after the domain.
These strings match the path component of the site pattern:
• /downloads/news
• /downloads/applications/setup.exe
• /downloads/index.asp
These strings do not match the path component of the site pattern:
• /download/news
• /user/downloads/applications/setup.exe
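
The matching rules above, together with the default Prohibit-over-Authorize precedence, as an added Python example (not SiteAdvisor Enterprise Plus code). The function names, the "rating" fallback value and the plain-suffix behaviour for patterns without a leading "." are assumptions.

```python
from urllib.parse import urlsplit

def split_pattern(pattern):
    """Split a site pattern into (domain, path); a scheme prefix is dropped."""
    if "://" in pattern:
        pattern = pattern.split("://", 1)[1]
    domain, slash, path = pattern.partition("/")
    return domain.lower(), slash + path

def domain_matches(host, pat_domain):
    """Domain information is compared from the end of the host name."""
    host = host.lower().rstrip(".")
    if pat_domain.startswith("."):
        # Leading ".": the bare domain or any subdomain, never a look-alike
        # such as www.myacme.com (behaviour taken from the guide's examples).
        return host == pat_domain[1:] or host.endswith(pat_domain)
    # Assumption: without the leading ".", a plain suffix comparison.
    return host.endswith(pat_domain)

def url_matches(url, pattern):
    pat_domain, pat_path = split_pattern(pattern)
    parts = urlsplit(url)
    # Path is compared from the beginning; the scheme is not compared.
    return domain_matches(parts.hostname or "", pat_domain) and (parts.path or "/").startswith(pat_path)

def decide(url, authorize, prohibit, authorize_priority=False):
    """Return 'authorize', 'prohibit' or 'rating' (hypothetical: defer to Rating Actions)."""
    allowed = any(url_matches(url, p) for p in authorize)
    denied = any(url_matches(url, p) for p in prohibit)
    if allowed and denied:
        # Default: the Prohibit list wins unless the policy option is set.
        return "authorize" if authorize_priority else "prohibit"
    if denied:
        return "prohibit"
    return "authorize" if allowed else "rating"

# Constructed sample URLs, built from the guide's domain and path strings.
SAMPLES = [
    "http://www.acme.com/downloads/news",
    "https://acme.com/downloads/index.asp",
    "http://www.myacme.com/downloads/news",
    "http://acme.com.tk/downloads/news",
    "http://www.info.acme.com/user/downloads/applications/setup.exe",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", decide(u, authorize=[".acme.com/downloads"], prohibit=[]))
```
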
NOTE:
Use the "." character at the beginning of any site
pattern to match a specific domain. This character
Configuring Policies
Use Authorize and Prohibit lists for sites
McAfee SiteAdvisor Enterprise Plus 3.0 Product Guide