12.10.2. Configuring safe browsing

You configure safe browsing at the security-policy safe-browsing level. For more details on the command structure, see Configuring Rules Using UPL.

You need to specify the following data:

Parameter

Description

PASS

OK

Action to create a rule using UPL.

enabled

Enable/disable a rule:

  • enabled(yes) or enabled(true).

  • enabled(no) or enabled(false).

name

Safe browsing rule name.

Example: name("Safe browsing rule example").

desc

Rule description. Example, desc("Safe browsing rule example set via CLI").

rule_log

Log traffic information if the rule is triggered. The available options are:

  • rule_log(no) or rule_log(false): disable logging. If rule_log is not specified, logging is disabled.

  • rule_log(yes) or rule_log(true): enable logging.

enable_adblock

Block advertising (AdBlock).

  • enable_adblock(yes) or enable_adblock(true).

  • enable_adblock(no) or enable_adblock(false).

url_list_exclusions

List of sites for which AdBlock is not required: url_list_exclusions("URL list name").

For more details about how to create and configure URL lists using CLI, see Configuring URL lists.

enable_injector

Inject code into web pages:

  • enable_injector(yes) or enable_injector(true).

  • enable_injector(no) or enable_injector(false).

custom_injector

Injector code.

safe_search

Use the safe search feature:

  • safe_search(yes) or safe_search(true).

  • safe_search(no) or safe_search(false).

search_history_logging

Log user search requests:

  • search_history_logging(no) or search_history_logging(false): disable logging. If search_history_logging is not specified, logging is disabled by default.

  • search_history_logging(yes) or search_history_logging(true): enable user search query logging.

social_sites_block

Block social network apps:

  • cocial_sites_block(yes) or cocial_sites_block(true).

  • cocial_sites_block(no) or cocial_sites_block(false).

src.zone

Traffic source zone.

To specify a source zone, such as Trusted: src.zone = Trusted.

For more details about configuring zones using the CLI, see Zones.

src.ip

Add source IP address or domain lists.

Example for IP addresses: src.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see Configuring IP addresses.

Example for domains: src.ip = lib.url(). Specify the URL to which necessary domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists.

src.geoip

Source GeoIP; specify a country code (for example, src.geoip = AE).

Click here for the list of ISO 3166-1 country codes.

Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15.

user

Users and groups for which the safe browsing rule applies (local or LDAP).

To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see Configuring LDAP connectors).

The following line describes how to add a local user (local_user) and group (Local Group), a user (example.local\AD_user), and an LDAP group (AD group):

user = (local_user, "CN=Local Group, DC=LOCAL", "example.loc\\AD_user", "CN=AD group, OU=Example, DC= example, DC=loc")

The Active Directory domain example.loc has been already configured. When adding LDAP users and groups, you can specify a list of paths on the server, starting from which the system will search for users and groups.

time

Set a schedule for a rule.

To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets.