You configure safe browsing at the security-policy safe-browsing level. For more details on the command structure, see Configuring Rules Using UPL.
To create a safe browsing rule, use the following command:
Admin@nodename# create security-policy safe-browsing <position> upl-rule
Safe browsing rule parameters:
|
Parameter |
Description |
|---|---|
|
PASS OK |
Action to create a rule using UPL. |
|
enabled |
Enable/disable a rule:
|
|
name |
Safe browsing rule name. Example: name("Safe browsing rule example"). |
|
desc |
Rule description, for example, desc("Safe browsing rule example set via CLI"). |
|
rule_log |
Log traffic information if the rule is triggered. The available options are:
|
|
enable_adblock |
Block advertising (AdBlock).
|
|
url_list_exclusions |
List of websites for which advertisements should not be blocked: url_list_exclusions("URL list name"). For more details about how to create and configure URL lists using CLI, see Configuring URL Lists. |
|
enable_injector |
Inject code into web pages:
|
|
custom_injector |
Injector code. |
|
safe_search |
Use the safe search feature:
|
|
search_history_logging |
Log user search requests:
|
|
cocial_sites_block |
Block social network apps:
|
|
src.zone |
Traffic source zone. To specify a source zone, such as Trusted: src.zone = Trusted. For more details about how to configure zones using CLI, see the Zones section. |
|
src.ip |
Add source IP address or domain lists. To specify a list of IP addresses: src.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section. To specify a source domain list: src.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section. |
|
src.geoip |
Source GeoIP. Specify a country code (for example, src.geoip = AE). Click here for the list of ISO 3166-1 country codes. |
|
user |
Users and groups for which the safe browsing rule applies (local or LDAP). To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see the Configuring LDAP Connectors section). Examples of adding users to a rule: user = known user = "user" user = "testd.local\\user1" user = ("user", "testd.local\\user1") |
|
time |
Set a schedule for a rule. To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets. |
To edit a safe browsing rule, use the following command:
Admin@nodename# set security-policy safe-browsing <position> upl-rule
To view all safe browsing rules that were created, use the following command:
Admin@nodename# show security-policy safe-browsing
To view a specific safe browsing rule, use the following command:
Admin@nodename# show security-policy safe-browsing <position>
Example of creating a safe browsing rule using UPL:
Admin@nodename# create security-policy safe-browsing 1 upl-rule PASS \ ...user = known \ ...src.zone = Trusted \ ...enable_adblock(yes) \ ...safe_search(yes) \ ...rule_log(yes) \ ...name("Test safe browsing rule") \ ...desc("Test safe browsing rule description") \ ...enabled(true) ... Admin@nodename# show security-policy safe-browsing 1 % ----------------- 1 ----------------- OK \ user = known \ src.zone = Trusted \ rule_log(yes) \ enable_adblock(yes) \ safe_search(yes) \ desc("Test safe browsing rule description") \ enabled(true) \ id("406a2753-750e-4830-82a8-583043e72359") \ name("Test safe browsing rule")
To remove a safe browsing rule, use the following command:
Admin@nodename# delete security-policy safe-browsing <position>