С помощью раздела Веб-безопасность администратор может включить дополнительные параметры веб-безопасности для протоколов HTTP и HTTPS, если настроено инспектирование HTTPS. The following settings are available:
-
Block advertising (AdBlock). When visiting an otherwise safe website, the user can be exposed to undesirable images placed, for example, on the side of the webpage. NGFW решает эту проблему, блокируя рекламные баннеры.
-
The Inject Script feature enables you to insert the desired code into all web pages viewed by users. The script will be inserted before the </head> tag.
-
Forced activation of the safe search feature for Google, Yandex, Yahoo, Bing, Rambler, and Ask search engines as well as the YouTube portal. This feature allows you to delegate unwanted content blocking to the search engines, which can be highly effective, for example, at filtering responses to image or video content requests.
-
User search query logging.
-
Social network app blocking. Social networks play an ever-increasing role in our everyday lives, but many of them offer gaming apps the use of which is unwanted in most corporate settings. NGFW может блокировать приложения, не затрагивая при этом обычную функциональность социальных сетей.
You can use the following as conditions for a rule:
-
Traffic source
-
Users and groups
-
Time
Чтобы создать правило веб-безопасности необходимо нажать на кнопку Добавить в разделе Политики безопасности ➜ Веб-безопасность и указать необходимые параметры.
|
Name |
Description |
|---|---|
|
Enabled |
Enables or disables the rule. |
|
Name |
The name of the rule. |
|
Description |
A description of the rule. |
|
Enable logging |
If this is enabled, instances of the rule being triggered will be recorded in the corresponding statistics log. |
|
AdBlock |
Activates ad blocking. Нажав на Исключения, администратор может выбрать URL-список сайтов, для которых блокировать рекламу не требуется. |
|
Injector |
Enables you to insert the desired code into all web pages. Для редактирования вставляемого кода необходимо нажать на кнопку Код инжектора. |
|
Safe search |
Force-activates the safe search feature. |
|
Search History |
Turns on user search query logging. |
|
Block social network apps |
Blocks apps in popular social networks. |
|
Source |
The zone, IP address lists, Geo-IP address lists, or URL lists of the traffic source. The URL list must include only domain names. Every 5 minutes NGFW resolves domain names into IP addresses and stores the result in the internal cache for the DNS record's time-to-live (TTL). When the TTL expires, NGFW automatically updates the IP address value. Important! The traffic processing logic is as follows:
|
|
Users |
The list of users and user groups to which this rule is applied. The Any, Unknown, and Known user types can be used. To apply rules to specific users or Known users, user identification needs to be configured. For more details on user identification, see the Users and Devices chapter. |
|
Time |
The time when this rule will be active. The administrator can add the required time period in the Time Sets section. |
|
Usage |
The trigger statistics for the rule: the total trigger count and the time of the first and last trigger. To reset the trigger count, select the rules in the list and click Reset hit counts. |
|
History |
The time the rule was created and last changed as well as the related event log entries, such as rule added, rule updated, rule list position changed etc. |