Symantec Web Gateway can block, monitor, or allow access to categories of Web sites. For example, you can block access to gambling Web sites, allow access to business Web sites, and monitor access to entertainment Web sites. To block Web sites by category, you must have the URL filtering license.
Symantec Web Gateway applies content filter policies to embedded URLs. However, whitelisted domains and domain exceptions that you specify in content filter policies are not applied to embedded URLs. An embedded URL is when a URL contains another URL within it. The embedded URL in the following example is badurl.com:
If you use the SSL proxy, users cannot see your custom end user page when they attempt to access a domain in which no intercept policy exists. This situation can occur if you do not have an SSL intercept policy for a certain category, but you do have a content filtering blocking policy for that category. The message that they see depends on the Web browser that they use. For example, Internet Explorer displays a forbidden error message. Firefox displays a message that the proxy server refuses the connection. This issue occurs for HTTP/HTTPS or deep inspection ports.
You can configure content filter exceptions for specific Web sites. Content filter exceptions apply to a single policy. You set Symantec Web Gateway to allow, block, or monitor the Web site in each content filter exception. For example, assume that you set the Spam URLs filtering category to Block and that www.blocksads.com is in that category. For that policy, if you want to monitor access instead of block access, set a content filter exception for www.blocksads.com to Allow. These content filter exceptions act like a policy-specific blacklist or whitelist. The blacklist and whitelist in Symantec Web Gateway provide more global behavior.
Under Multiple Categories, click one of the following:
Restrictive: Block takes precedence
If a block action and an allow action both apply to a Web site, the Web site is blocked. Restrictive: Block takes precedence is the default setting.
Permissive: Allow takes precedence
If a block action and an allow action both apply to a Web site, the Web site is allowed.
Web sites can be classified under more than one category. For example, a Web site selling sports equipment might be categorized as both a sports Web site and a shopping Web site. This option determines the action that Symantec Web Gateway takes if conflicting actions apply to a Web site.
To specify the default action type for all Web site categories, click one of the following options:
By default, block all Web site categories. Attempts to access blocked Web sites appear in reports.
By default, allow access to all Web site categories.
By default, monitor all Web site categories. Access to all Web sites is allowed, but Symantec Web Gateway records visits by category for display in reports.
You can individually set the action options for specific categories or subcategories after selecting one of these options.
To specify the action type for categories, click one of the following options for the category:
By default, block Web sites in this category. Attempts to access blocked Web sites appear in reports.
By default, allow access to Web sites in this category.
By default, monitor Web sites in this category. Symantec Web Gateway allows access to Web sites in this category. Symantec Web Gateway records visits by category in reports.