10.2 URL Rules
Open the General tab to set general rules and actions to be taken.
Description
Description of the rule (information for the administrator).
If user accessing the URL is
Select which users this rule will be applied on:
•any user — for all users (no authentication required).
selected user(s) — for selected users or/and user groups who have authenticated to the firewall.
Notes:
1.It is often desired that the firewall requires user authentication before letting them open a web page. This can be set on the Authentication Options tab in Users (refer to chapter 13.1). Using the do not require authentication option, for example a rule allowing access to certain pages without authentication can be defined.
2.Unless authentication is required, the do not require authentication option is ineffective.
•selected user(s) — applied on selected users or/and user groups.
Click on the Set button to select users or groups (hold the Ctrl and the Shift keys to select more that one user /group at once).
Note: In rules, username represents IP address of the host fro which the user is currently connected to the firewall (for details, see chapter 8.1).
And URL matches criteria
Specification of URL (or URL group) on which this rule will be applied:
•URL begins with — this item can include either entire URL
(i.e. www.kerio.com/index.html) or only a substring of a URL using an asterisk (wildcard matching) to substitute any number of characters (i.e. *.kerio.com*) Server names represent any URL at a corresponding server (www.kerio.com/*).
•is in URL group — selection of a URL group (refer to chapter 12.4) which the URL should match with
•is rated by ISS OrangeWeb Filter rating system — the rule will be applied on all pages matched with a selected category by the ISS OrangeWeb Filter
Click on the Select Rating... button to select from ISS OrangeWeb Filter cate- gories. For details, refer to chapter 10.4.
•is any URL where server is given as IP address — by enabling this option users will not be able to bypass URL based filters by connecting to Web sites by IP address rather than domain name. This trick is often used by servers offering illegal downloads.