Knowledge base
WebSafetica - Websites & Applications policies
Posted by Martin Trčka, Last modified by Štěpán Horký on 11 June 2019 01:00 PM

Starting in Safetica 8.3, you can choose to manage Application Control and Web Control from WebSafetica instead of Safetica Console. The new design was prepared in close cooperation with our customers and gives you better control of what rules are applied to which departments or stations.

Due to the different configuration logic, it is not possible to control these features simultaneously from both consoles. When you enable Application and Web Policies in WebSafetica, you will be prompted whether you want to import your existing settings. If you decide to revert back to using Safetica Console, your old configuration will be available again.

Enabling Application and Web Control in WebSafetica

To enable Application and Web Control in WebSafetica:

  1. Go to Policies - Websites or Policies - Applications.
  3. Tick the Enable Application and Web policies checkbox and fill in a Redirection URL for blocked websites if required. Click Continue.
  4. Choose whether you want to import existing settings from Safetica Console.

If you choose to import existing settings, the new policies will be created as follows:

  • All existing settings for blocking application or web categories, individual URL addresses, etc., will be converted to appropriate policies and applied to their respective tree nodes.
  • The original “Default action” setting is represented by “Allow all” or “Deny all” policies at the bottom of the list. Therefore, if there is no match with any preceeding policy, the evaluation reaches the “Allow all” or “Deny all” policy (depending on the original setting of “Default action”) and performs the corresponding action.
  • If the Application control or Web control was completely disabled for particular tree nodes, these nodes have the “Application control disabled” or “Web control disabled” policy applied. This policy contains the rule allowing all websites or applications. Since it is at the top of the list, it is evaluated first (see below for details on how the rules are evaluated in WebSafetica). Therefore it allows all websites or applications for given tree nodes and prevents the evaluation of the policies placed below.

This way, all the original settings are converted to policies except for discontinued options (see article Web control and Application control changes for more details).

If you want to disable the feature in WebSafetica, go to Management -> General in WebSafetica, and untick the checkbox Enable Application and Web policies.

Configuring Application and Web Control in WebSafetica

When creating rules (policies) in Application or Web Control, there are two simple rules to follow:

  1. Policies are evaluated from top to botom.
  2. First policy to match the scenario is applied and the evaluation is stopped.

This means that rules and exceptions for specific stations, users or groups should be placed on top of the list, while company-wide "catch-all" rules should be at the bottom of the list. 

Sample Web Control scenarios

1st web scenario: Block all potentially dangerous website categories for all users except management group.

2nd web scenario: The computers and users from WorkShop group should not have any access to websites apart from web category “Intranet”.

Sample Application Control scenario

Application scenario: Deny categories Alternative web browsers, Games, Keyloggers and Miners for the whole company. Allow category Games for management group.

(2 vote(s))
Not helpful