Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Websocket Control — Include Websocket Traffic in the Filtering Process

You can include Websocket traffic in the filtering process on Secure Web Gateway. You can include all of this traffic or restrict it to particular requests based on hosts, user groups, and user names.

  1. On the user interface for Secure Web Gateway, select Policy > Web Policy > Policy.
  2. On the policy tree in the navigation panel, expand Common Rules and select Websocket Control.

    The selected rule set appears in the configuration area on the right. 

  3. Configure when this rule set should apply.

    • Under Criteria, leave the default All traffic, as you want the rules in this rule set to apply to all types of traffic.

    • Next to Applies to, leave the default Request, as you want the rules in this rule set to be processed in the request cycle of web filtering on Secure Web Gateway.

  4. Configure the rules that are preset for including Websocket traffic in the filtering process. They are shown under Preset Rules.

    There is a rule for including all of this traffic, which is enabled by default. To show the rules for restricting it, select Selectively enable Websocket traffic. You can restrict this traffic based on:

    • Hosts

    • User groups

    • User names

     To configure a rule for restricting Websocket traffic, enable it using the checkbox at the beginning of the line with the rule.

     Then click the three dots at the end to display a menu with options for list handling and work with these options to set up
     lists of host, user groups, and user names.

     Requests coming in as Websocket traffic are then filtered if they are submitted to access the hosts in the list you have set
     up or are submitted by users in your list or users belonging to the user groups in your list.         


    To enable or disable the complete rule set, use the On/Off toggle boxes at the end of the line with the rule set name.

You have now configured that Websocket traffic is included in the filtering process completely or in a restricted mode.

  • Was this article helpful?