Configuring Block List
Details
Secure Web Gateway allows you to enforce a block on web traffic based on the following criteria.
- Domain Blocklist
- Connected IPs Blocklist
- Client IPs Blocklist
- Destination IPs Blocklist
- User Group Blocklist
- User Names Blocklist
- Processes
Definition
Domain Blocklist
This is a smartmatch list: the configured string is matched against the domain/host of every request.
It is not matched against the path part of the URI, even when the path contains the keyword.
Example Configuration
If the list is configured with "skyhighsecurity.com"
URLs that will trigger the BLOCK
https://www.skyhighsecurity.com/about.html
URLs that will be ALLOWED
Connected IPs Blocklist
This list expects an IP Range to be entered in CIDR notation and it will match the <Connection IP?> with
Example Configuration
If the list is configured with 192.168.10.0/24
IPs that will trigger the BLOCK
192.168.10.11
192.168.10.25
IPs that will be ALLOWED
192.168.11.22
192.168.12.24
Client IPs Blocklist
This list expects an IP range to be entered in CIDR notation and it will match the IP address of the client machine (end user).
Example Configuration
If the list is configured with 10.20.23.0/15
IPs that will trigger the BLOCK
10.20.0.1 - 10.21.255.254
IPs that will be ALLOWED
Any IP address outside the above range
Destination IPs Blocklist
This list expects an IP Range to be entered in CIDR notation and it will match the IP Address of the Destination Server.
Example Configuration
If the list is configured for blocking access to Google based on destination IP, we can add the IP address ranges published by Google at https://www.gstatic.com/ipranges/goog.json; all web traffic destined for these IP ranges would be blocked.
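An added example (not Skyhigh's own code) for checking CIDR entries before they go into the Connected, Client or Destination IP lists. It uses Python's ipaddress module and assumes plain prefix containment as the matching rule; the helper names and the sample JSON are constructed for illustration. It shows that an entry such as 10.20.23.0/15 has host bits set and normalizes to 10.20.0.0/15.

```python
import ipaddress
import json

def audit_cidr(entry):
    """Describe what a CIDR entry really covers and whether it has host bits set."""
    entry = entry.strip()
    net = ipaddress.ip_network(entry, strict=False)   # accept host bits, mask them off
    try:
        ipaddress.ip_network(entry, strict=True)      # raises if host bits are set
        host_bits_set = False
    except ValueError:
        host_bits_set = True
    return {"entry": entry, "network": str(net), "first": str(net[0]),
            "last": str(net[-1]), "host_bits_set": host_bits_set}

def is_blocked(ip, entries):
    """Assumed semantics: an address matches if it falls inside any listed prefix."""
    addr = ipaddress.ip_address(ip)
    nets = (ipaddress.ip_network(e.strip(), strict=False) for e in entries)
    return any(addr.version == n.version and addr in n for n in nets)

def prefixes_from_goog_json(text):
    """Extract CIDR strings from a document shaped like goog.json."""
    doc = json.loads(text)
    return [p.get("ipv4Prefix") or p.get("ipv6Prefix") for p in doc["prefixes"]]

# Constructed sample in the goog.json layout (documentation ranges, not Google's).
SAMPLE_GOOG_JSON = """{"syncToken": "0", "creationTime": "2024-01-01T00:00:00",
 "prefixes": [{"ipv4Prefix": "192.0.2.0/24"}, {"ipv6Prefix": "2001:db8::/32"}]}"""

if __name__ == "__main__":
    for entry in ["192.168.10.0/24", "10.20.23.0/15"]:   # values from the page
        info = audit_cidr(entry)
        note = "  <-- host bits set, covers more than it looks" if info["host_bits_set"] else ""
        print(f'{info["entry"]:>18} = {info["first"]} - {info["last"]}{note}')
    for ip in ["192.168.10.11", "192.168.11.22"]:
        print(ip, "BLOCK" if is_blocked(ip, ["192.168.10.0/24"]) else "ALLOW")
    dest = prefixes_from_goog_json(SAMPLE_GOOG_JSON)
    print(dest, is_blocked("2001:db8::1", dest))
```

The reported range includes the network and broadcast addresses, so it is one address wider at each end than the usable-host range listed in the Client IPs example.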
User Groups / User Name Blocklist
This list should match the user groups and user names received from the client side (e.g. Skyhigh Client Proxy provides user group and user name information based on the output of "whoami").
Example Configuration
If the list is configured for blocking access to the user group "Dev" or the username "hchaturv", traffic from that user group or user name would be blocked as per the default block template.
Processes Blocklist
This list should match the process initiating web traffic for the Skyhigh Security Cloud (e.g. if the endpoint customer is using MS Edge, the process would be interpreted as msedge.exe).
Example Configuration
If the list is configured for blocking traffic received from Tor browser, we can include "tor.exe" in the process block list, and that should block access for any user using Tor browser.
Operators and Case-sensitivity
<to be filled>