User Tools

Site Tools


proxy_deny_rule50

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
proxy_deny_rule50 [2019/02/12 15:29]
root
proxy_deny_rule50 [2020/03/15 18:07] (current)
zog
Line 1: Line 1:
-=====Proxy Deny rule=====+=====Blocking proxy rule.=====
  
 After choosing "​Add",​ you will see the proxy deny rule settings window. In this window there are the following fields: After choosing "​Add",​ you will see the proxy deny rule settings window. In this window there are the following fields:
Line 6: Line 6:
   *     ​protocol,​   *     ​protocol,​
   *     ​method,​   *     ​method,​
-  *     user'​s ​IP-address,+  *     user IP,
   *     ​action,​   *     ​action,​
-  *     time.+  *     duration.
  
-{{bloking_proxyjpg.jpg}}+{{:​user_deny_proxy.png?|}}
  
-By default all fields are empty except the "Action" ​field (Deny access) and suggests that it's set to "all", meaning that if you create a default proxy deny rule and apply it to a user or a group, the proxy server will block all user's or group'​s ​httphttps and ftp communication ​that go through it completely. You can check what values are acceptible ​when you place the cursor ​on the field, or you can choose a value from the drop-down list containing the objects that are already known to ICS CUBE.+By default all fields are empty except the Action” field (with "Deny access" ​value) which implies matching any value in each empty field. Thus if you create a default ​blocking ​proxy rule and apply it to a user or a group, the proxy server will completely ​block all user's or group'​s ​HTTPHTTPS and FTP communications ​that go through it. You can check which values are acceptable ​when you place the cursor ​over the field, or you can choose a value from the drop-down list containing the objects that are already known to ICS CUBE
 + 
 +The “Method” field defines the main operation that will be performed. You can find more information about methods of requesting a web-resource in https://​en.wikipedia.org/​wiki/​Hypertext_Transfer_Protocol. 
 + 
 +The “Action” field allows to choose a response for a reply that user will see: a) “Deny access” - the user will see the ICS CUBE logo and a message: “Access denied”; b) “Redirect to address” - the connection will be redirected to the specified address; c) “Show message” - the user will see the ICS CUBE logo and message specified by ICS CUBE admin. 
 + 
 +**Important!** For correct work of options a) and c) the CONNECT method should be allowed. It means that if you add a blocking rule with “Any” in the “Method” field you will need to add permitting proxy rule with CONNECT in the “Method” field. Also proxy-server should work in “Filter HTTPS traffic with decrypting” mode. 
 + 
 +//​Comment.//​ In adding a proxy-server rule it is possible to use a construct like - <​.domain>,​ this construct means only sub-domains. For example, .google.com in proxy deny rule will allow access to google.com, but deny it to mail.google.com,​ drive.google.com and etc.
  
-The "​method"​ field defines the main operation that will be performed. You can find more information about methods of requesting a web-resource in https://​en.wikipedia.org/​wiki/​Hypertext_Transfer_Protocol. 
  
-The "​action"​ field allows to choose a response for a reply that user will see: a) "​Access denied"​ or "​display a message",​ the user will see the ICS CUBE logo and a message - either "​Access denied"​ or the one the administrator will specity b) "​Redirect to an address"​ - the connection will be redirected to the specified address 
  
  
proxy_deny_rule50.1549974575.txt.gz · Last modified: 2019/02/12 15:29 by root