Controlling Web Applications
Solution:Control Web Applications
In addition to URL category filtering, you can filter content by web application and/or specific operations or actions done
within those applications. Starting in SGOS 6.7.2, you can also filter content by web application group.
Here are several examples of how you can use web application controls in policy:
n Block access to web applications in the Gamification Platform group.
n Allow users to access all social networking sites, except for Facebook. Conversely, block access to all social
networking sites except for LinkedIn.
n Allow users to post comments and chat in Facebook, but block uploading of pictures and videos.
n Prevent the uploading of videos to YouTube, but allow all other YouTube operations such as viewing videos others
have posted. Conversely, prevent uploading but block access to some videos according to the video’s category.
n Allow users to access their personal email accounts on Outlook.com, AOL Mail, and Yahoo Mail, but prevent them
from sending email attachments.
Steps
1. Set web services to intercept, such as External HTTP and HTTPS. See "Set Web Services to Intercept" below.
2. Select the content filtering provider for which you have a subscription. See "Select a Content Filtering Provider"
below.
3. Decide which web applications, groups, and operations you want to control. See "Determine Which Web
Applications to Control" on page8.
4. "Create Policy to Control Web Applications" on page10.
5. "Test Web Application Policy" on page13.
6. "View the Application Mix Report" on page14.
Set Web Services to Intercept
Make sure web services, such as External HTTP (transparent port 80) and HTTPS (transparent port 443), are set to
intercept, or if your proxy is deployed explicitly, ensure that the Explicit HTTPservice has Detect Protocol enabled.
Select a Content Filtering Provider
The ProxySG uses the content filtering feature to identify web applications based on URLs. Symantec offers several
content filtering databases:
n Blue Coat WebFilter: the legacy on-box content filtering database (not covered in this solution)
n Intelligence Services (Standard): a subscription to an enhanced on-box content filtering database with basic web
application controls
n Intelligence Services (Advanced):in addition to features of the standard subscription, includes threat risk and
geolocation controls
4