Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Configuring Block List

Details

Secure Web Gateway allows you to enforce a block on web traffic based on the below criterion.

  • Domain Blocklist
  • Connected IPs Blocklist
  • Client IPs Blocklist
  • Destination IPs Blocklist
  • User Group Blocklist
  • User Names Blocklist
  • Processes

Block List.PNG

Definition

Domain Blocklist

This is a smartmatch list and it will match the said string with all domains/hosts.

This will not match the path part of the URI that matches this keyword.

Example Configuration

If the list is configured with "skyhighsecurity.com"

URLs that will trigger the BLOCK

https://skyhighsecurity.com/

https://www.skyhighsecurity.com/about.html

URLs that will be ALLOWED

https://www.linkedin.com/company/skyhighsecurity/

Connected IPs Blocklist

This list expects an IP Range to be entered in CIDR notation and it will match the <Connection IP?> with

Example Configuration

If the list is configured with 192.168.10.0/24

IPs that will trigger the BLOCK

192.168.10.11

192.168.10.25

URLs that will be ALLOWED

192.168.11.22

192.168.12.24

Client IPs Blocklist

This list expects an IP Range to be entered in CIDR notation and it will match the IP Address of the Client machine (end user)

Example Configuration

If the list is configured with 10.20.23.0/15

IPs that will trigger the BLOCK

10.20.0.1 - 10.21.255.254

URLs that will be ALLOWED

IP address outside the above range

Destination IPs Blocklist

This list expects an IP Range to be entered in CIDR notation and it will match the IP Address of the Destination Server.

Example Configuration

If the list is configured for blocking access to Google based on Destination IP, we can add IP address ranges mentioned by Google on- https://www.gstatic.com/ipranges/goog.json, all Web traffic destined to these IP Ranges would be blocked.

User Groups / User Name Blocklist

This list should match User Groups received from the client side (ex. Skyhigh Client Proxy provides user group and user name information based on output of "whoami")

Example Configuration

If the list is configured for blocking access to user group "Dev" or a username "hchaturv", the traffic from these user group / user name would be blocked as per the default block template.

 

Processes Blocklist

This list should match the process initiating web traffic for the Skyhigh Security Cloud (ex. If the endpoint customer is using MS Edge, the process would be interpreted as msedge.exe)

Example Configuration

If the list is configured for blocking access for traffic being received from Tor browser, we can include "tor.exe" in the process block list and that should be able to block the access for any user using Tor browser.

Operators and Case-sensitivity

<to be filled>

  • Was this article helpful?