Using Web Rules

You can block or allow access to specific Web pages by defining Web rules. If a user attempts to access a blocked page, the Access Denied page appears. For information on customizing this page, see Customizing the Access Denied Page.

If desired, you can permit specific users to override Web rules. Such users will be able to view Web pages without restriction, after they have provided their username and password via the Access Denied page. For information on granting Web Filtering override permissions, see Adding and Editing Users.

In addition, you can choose to exclude specific network objects from Web rule enforcement. Users connecting from these network objects will be able to view Web pages without restriction, regardless of whether they have Web Filtering override permissions. For information on configuring network objects, see Using Network Objects.

Note: Web rules affect outgoing traffic only and cannot be used to allow or limit access from the Internet to internal Web servers.

Note: Web rules differ from the Web Filtering subscription service in the following ways:

  • The Web Filtering service is subscription-based and requires a connection to the Service Center, while Web rules are included with the ZoneAlarm router.
  • The Web Filtering service is centralized, extracting URLs from HTTP requests and sending the URLs to the Service Center to determine whether they should be blocked or allowed. With Web rules, HTTP requests are analyzed in the gateway itself.
  • The Web Filtering service is category based; that is, it filters Web sites based on the category to which they belong. In contrast, Web rules allow and block specific URLs.

    You can use either content filtering solution or both in conjunction. When a user attempts to access a Web site, the ZoneAlarm router first evaluates the Web rules. If the site is not blocked by the Web rules, the Web Filtering service is then consulted. For information on the Web Filtering service, see Web Filtering.

The ZoneAlarm router processes Web rules in the order they appear in the Web Rules table, so that rule 1 is applied before rule 2, and so on. This enables you to define exceptions to rules, by placing the exceptions higher up in the Web Rules table.

For example, if you want to block all the pages of a particular Web site, except a specific page, you can create a rule blocking access to all of the Web site's pages and move the rule down in the Web Rules table. Then create a rule allowing access to the desired page and move this rule to a higher location in the Web Rules table than the first rule. In the figure below, the general rule is rule number 2, and the exception is rule number 1.

[Figure: Web Rules table with the exception as rule 1 and the general rule as rule 2]

The ZoneAlarm router will process rule 1 first, allowing access to the desired page, and only then will it process rule 2, blocking access to the rest of the site.
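The ordering behaviour described above can be modelled and checked offline. The following is an added example, not ZoneAlarm code: the `*` wildcard, the `www.example.com` URLs, and all function names are assumptions made for the sketch, and the rule table is constructed.

```python
import re

# Constructed Web Rules table in table order (rule 1 first). The "*" wildcard
# is an assumption made for this sketch, not the router's documented syntax.
RULES = [
    ("allow", "www.example.com/help/contact.html"),  # rule 1: the exception
    ("block", "www.example.com/*"),                  # rule 2: the general rule
]

def matches(pattern, text):
    """True if text fits pattern, where "*" stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text) is not None

def first_match(rules, url):
    """Return (action, rule_number) for the first rule matching url, else (None, None)."""
    for number, (action, pattern) in enumerate(rules, start=1):
        if matches(pattern, url):
            return action, number
    return None, None

def decide(rules, url, excluded_source=False, category_blocked=False):
    """Model the order described on this page: excluded network objects skip
    Web rules; otherwise Web rules run first, and a URL they do not block is
    passed to the Web Filtering service (modelled here by category_blocked)."""
    if excluded_source:
        return "allowed (network object excluded)"
    action, number = first_match(rules, url)
    if action == "block":
        return f"blocked by Web rule {number}"
    if category_blocked:
        return "blocked by Web Filtering"
    return "allowed"

def shadowed_rules(rules):
    """List (later, earlier) rule numbers where the earlier rule's pattern covers
    the later one with the opposite action, so the later rule never takes effect."""
    found = []
    for j, (action_j, pattern_j) in enumerate(rules, start=1):
        for i, (action_i, pattern_i) in enumerate(rules[:j - 1], start=1):
            if action_i != action_j and matches(pattern_i, pattern_j):
                found.append((j, i))
                break
    return found
```

Running `shadowed_rules` over a table before applying it flags an exception that was left below its general rule, which is the misordering that silently turns an intended Allow into a Block.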

The following rule types exist:

Web Rule Types

| Rule | Description |
|------|-------------|
| Allow | This rule type enables you to specify that a specific Web page should be allowed. |
| Block | This rule type enables you to specify that a specific Web page should be blocked. |

In This Section

  • Adding and Editing Web Rules
  • Changing Web Rules' Priority
  • Viewing and Deleting Web Rules
  • Customizing the Access Denied Page
