User Tools

Site Tools


proxy_deny_rule50

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
proxy_deny_rule50 [2020/03/11 16:04]
zog
proxy_deny_rule50 [2020/03/15 18:07] (current)
zog
Line 12: Line 12:
 {{:​user_deny_proxy.png?​|}} {{:​user_deny_proxy.png?​|}}
  
-By default all fields are empty except the “Action” field (Deny access) ​and suggests that it's set to “all”, meaning that if you create a default blocking proxy rule and apply it to a user or a group, the proxy server will block all user's or group'​s ​httphttps and ftp communication ​that go through it completely. You can check what values are acceptable when you place the cursor ​on the field, or you can choose a value from the drop-down list containing the objects that are already known to ICS CUBE.+By default all fields are empty except the “Action” field (with "Deny access" valuewhich implies matching any value in each empty field. Thus if you create a default blocking proxy rule and apply it to a user or a group, the proxy server will completely ​block all user's or group'​s ​HTTPHTTPS and FTP communications ​that go through it. You can check which values are acceptable when you place the cursor ​over the field, or you can choose a value from the drop-down list containing the objects that are already known to ICS CUBE.
  
 The “Method” field defines the main operation that will be performed. You can find more information about methods of requesting a web-resource in https://​en.wikipedia.org/​wiki/​Hypertext_Transfer_Protocol. The “Method” field defines the main operation that will be performed. You can find more information about methods of requesting a web-resource in https://​en.wikipedia.org/​wiki/​Hypertext_Transfer_Protocol.
  
-The “Action” field allows to choose a response for a reply that user will see: a) “Deny access” - the user will see the ICS CUBE logo and a message: “Access denied”; b) “Redirect to address” - the connection will be redirected to the specified address; c) “Show message” - the user will see the ICS CUBE logo and admins specified ​message.+The “Action” field allows to choose a response for a reply that user will see: a) “Deny access” - the user will see the ICS CUBE logo and a message: “Access denied”; b) “Redirect to address” - the connection will be redirected to the specified address; c) “Show message” - the user will see the ICS CUBE logo and message ​specified by ICS CUBE admin.
  
-**Important!** For correct work of a) and c) options ​the CONNECT method should be allowed. It means that if in adding ​a blocking rule will specify ​“Any” in the “Method” field you will need to add an permitting proxy rule and specify ​CONNECT in the “Method” field. Also proxy-server should work in “Filter HTTPS traffic with decrypting” mode.+**Important!** For correct work of options ​a) and c) the CONNECT method should be allowed. It means that if you add a blocking rule with “Any” in the “Method” field you will need to add permitting proxy rule with CONNECT in the “Method” field. Also proxy-server should work in “Filter HTTPS traffic with decrypting” mode.
  
-//​Comment.//​ In adding a proxy-server rule it is possible to use a construct like - <​.domain>,​ this construct means only sub-domains. For example, .google.com in proxy deny rule will open access to google.com, but denied ​it to mail.google.com,​ drive.google.com and etc.+//​Comment.//​ In adding a proxy-server rule it is possible to use a construct like - <​.domain>,​ this construct means only sub-domains. For example, .google.com in proxy deny rule will allow access to google.com, but deny it to mail.google.com,​ drive.google.com and etc.
  
  
  
  
proxy_deny_rule50.txt · Last modified: 2020/03/15 18:07 by zog