To allow and deny access to Web applications and operations, you create policy rules in the Web Access Layer.
1. Launch the Visual Policy Manager (VPM).
a. In the Management Console, select Configuration > Policy > Visual Policy Manager.
b. Click Launch.
2. Add a Web Access Layer.
a. Select Policy > Add Web Access Layer.
b. For Layer Name, enter a descriptive name and click OK.
3. Right-click the Destination column within the rule, and select Set.
4. To control Web applications, click New and select Request URL Application (Application Name). In the new window that opens,
select the check box of the application(s) you want to control and click OK.
5. (Optional) To control Web operations:
a. Click New and select Request URL Operation (Application Operation).
b. In the Supporting application list, select the Web application(s) you want to control.
c. Select the check box of the operation(s) you want to control.
d. Click OK.
6. Set Action to Allow or Deny, depending on the policy you want to create.
7. Click Install policy.
The following example demonstrates how to add a policy to control YouTube operations. With this policy, users will not be
able to post messages or upload videos in the YouTube application; all other operations will be allowed.
1. Launch the VPM.
2. Add a Web Access Layer. Name the layer YouTube Controls.
3. Right-click the Destination column within the rule, and select Set.
4. Click New and select Request URL Application.
5. In the application list, scroll down and select the YouTube check box.
6. In the Name field, enter a descriptive name such as YouTube-App, click OK.
7. Add an object to deny Post Messages and Upload Video operations on YouTube.
a. Click New and select Request URL Operation.
b. Under the Supporting application pull-down menu, select YouTube.
c. Select the operations you want to block: Upload Video and Post Messages.
d. Name this object Youtube-Operations.
e. Click OK.
8. Create a combined object.
a. Click New and select Combined Destination Object.
b. Add YouTube-App to the upper-right box and add and YouTube-Operations to the lower-right box. This
ensures that both conditions must match for this policy to deny requests.
c. Name the combined object YouTube app-op controls. Click OK.
9. Make sure the Action is set to Deny.
10. Install the policy.
You can verify the full policy details on the ProxySG. In the VPM, click View > Current SG Appliance VPM Policy Files.
If you have multiple access layers in the VPM, you can see the order in which the rules will be applied in the CPL
(content policy language) file. On the VPM, go to View > Generated CPL.
Test the policy by verifying that you cannot access blocked Web applications.
1. Open a Web browser that is configured to use the ProxySG as a proxy. Make sure that you are not using the same
browser that you are currently using to access the Management Console.
2. Launch the application that you created a policy for. For example, if you created a policy to deny Facebook access,
you will see a corresponding ‘access denied’ or ‘web page not found’ error depending on how you have configured
the Deny functionality.
3. To customize the web page containing the error message displayed to users when they are denied access to a
URL, refer to the Exception Pages solution in the First Steps WebGuide.
Verify that you cannot perform blocked web operations and can perform operations that are allowed.
1. Open a Web browser that is configured to use the ProxySG as a proxy.
2. Launch the application you created a policy for. Make sure you can perform operations that are allowed and are
denied access to the blocked operations. For example, if you created a policy to block Post Message and Upload
Video operations in YouTube, go to YouTube and try to upload a file or post a comment; these operations should be
denied. Other operations, such as playing videos, should be allowed.
-----------
If the controls are not working as expected, please check the SSL Interception as mentioned in the following article: Web Application controls do not seem to work with sites like Facebook, Google+, Twitter, etc.