12.10.2. Configuring safe browsing

You configure safe browsing at the security-policy safe-browsing level. For more details on the command structure, see Configuring Rules Using UPL.

You need to specify the following data:

Parameter	Description
PASS OK	Action to create a rule using UPL.
enabled	Enable/disable a rule: enabled(yes) or enabled(true). enabled(no) or enabled(false).
name	Safe browsing rule name. Example: name("Safe browsing rule example").
desc	Rule description. Example, desc("Safe browsing rule example set via CLI").
rule_log	Log traffic information if the rule is triggered. The available options are: rule_log(no) or rule_log(false): disable logging. If rule_log is not specified, logging is disabled. rule_log(yes) or rule_log(true): enable logging.
enable_adblock	Block advertising (AdBlock). enable_adblock(yes) or enable_adblock(true). enable_adblock(no) or enable_adblock(false).
url_list_exclusions	List of sites for which AdBlock is not required: url_list_exclusions("URL list name"). For more details about how to create and configure URL lists using CLI, see Configuring URL lists.
enable_injector	Inject code into web pages: enable_injector(yes) or enable_injector(true). enable_injector(no) or enable_injector(false).
custom_injector	Injector code.
safe_search	Use the safe search feature: safe_search(yes) or safe_search(true). safe_search(no) or safe_search(false).
search_history_logging	Log user search requests: search_history_logging(no) or search_history_logging(false): disable logging. If search_history_logging is not specified, logging is disabled by default. search_history_logging(yes) or search_history_logging(true): enable user search query logging.
social_sites_block	Block social network apps: cocial_sites_block(yes) or cocial_sites_block(true). cocial_sites_block(no) or cocial_sites_block(false).
src.zone	Traffic source zone. To specify a source zone, such as Trusted: src.zone = Trusted. For more details about configuring zones using the CLI, see Zones.
src.ip	Add source IP address or domain lists. Example for IP addresses: src.ip = lib.network(). Specify the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see Configuring IP addresses. Example for domains: src.ip = lib.url(). Specify the URL to which necessary domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see Configuring URL lists.
src.geoip	Source GeoIP; specify a country code (for example, src.geoip = AE). Click here for the list of ISO 3166-1 country codes. Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15.
user	Users and groups for which the safe browsing rule applies (local or LDAP). To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see Configuring LDAP connectors). The following line describes how to add a local user (local_user) and group (Local Group), a user (example.local\AD_user), and an LDAP group (AD group): user = (local_user, "CN=Local Group, DC=LOCAL", "example.loc\\AD_user", "CN=AD group, OU=Example, DC= example, DC=loc") The Active Directory domain example.loc has been already configured. When adding LDAP users and groups, you can specify a list of paths on the server, starting from which the system will search for users and groups.
time	Set a schedule for a rule. To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets.