12.10.2. Configuring safe browsing

You configure safe browsing at the security-policy safe-browsing level. For more details on the command structure, see Configuring Rules Using UPL.

You need to specify the following data:





Action to create a rule using UPL.


Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).


Safe browsing rule name.

Example: name("Safe browsing rule example").


Rule description. Example, desc("Safe browsing rule example set via CLI").


Log traffic information if the rule is triggered. The available options are:

  • rule_log(no) or rule_log(false): disable logging. If rule_log is not specified, logging is disabled.

  • rule_log(yes) or rule_log(true): enable logging.


Block advertising (AdBlock).

  • enable_adblock(yes) or enable_adblock(true).

  • enable_adblock(no) or enable_adblock(false).


List of sites for which AdBlock is not required: url_list_exclusions("URL list name").

For more details about how to create and configure URL lists using CLI, see Configuring URL lists.


Inject code into web pages:

  • enable_injector(yes) or enable_injector(true).

  • enable_injector(no) or enable_injector(false).


Injector code.


Use the safe search feature:

  • safe_search(yes) or safe_search(true).

  • safe_search(no) or safe_search(false).


Log user search requests:

  • search_history_logging(no) or search_history_logging(false): disable logging. If search_history_logging is not specified, logging is disabled by default.

  • search_history_logging(yes) or search_history_logging(true): enable user search query logging.


Block social network apps:

  • cocial_sites_block(yes) or cocial_sites_block(true).

  • cocial_sites_block(no) or cocial_sites_block(false).


Traffic source zone.

To specify a source zone, such as Trusted: src.zone = Trusted.

For more details about configuring zones using the CLI, see Zones.


Add source IP address or domain lists.

Example for IP addresses: src.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see Configuring IP addresses.

Example for domains: src.ip = lib.url(). Specify the URL to which necessary domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists.


Source GeoIP; specify a country code (for example, src.geoip = AE).

Click here for the list of ISO 3166-1 country codes.

Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15.


Users and groups for which the safe browsing rule applies (local or LDAP).

To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see Configuring LDAP connectors).

The following line describes how to add a local user (local_user) and group (Local Group), a user (example.local\AD_user), and an LDAP group (AD group):

user = (local_user, "CN=Local Group, DC=LOCAL", "example.loc\\AD_user", "CN=AD group, OU=Example, DC= example, DC=loc")

The Active Directory domain example.loc has been already configured. When adding LDAP users and groups, you can specify a list of paths on the server, starting from which the system will search for users and groups.


Set a schedule for a rule.

To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets.