Configuring an HTTP Policy
HTTP policies define which web pages are allowed or denied. There is also filtering for HTTP logs. The main URL is configured in the previous section. This section addresses how to configure the HTTP policy to allow or deny the pages under the main URL. For example, if the main URL is “facebook.com,” policies are only applicable to facebook.com and its sub-URLs.
To configure HTTP policies in Kron PAM:
- Navigate to Policy > Policy.
- Click the blue Add button and a pop-up will appear.
- Select the Policy Key tab as HTTP Policy and click Save.
- Fill in the Description and HTTP Rule Type.
- If needed, turn on URL-based Rule | Header-based Rule | Content-based Rule.
  a. Create an HTTP Policy by filling in the fields as described below:
Field | Description |
---|---|
Description | Enter the description of the web page. The description is only a name to distinguish the web page. |
Type | Multiple Policies: It is possible to apply more than one HTTP policy to a web page. In this scenario, the HTTP proxy checks the Deny criteria first. If the requested web page matches the Deny criteria, HTTP Proxy denies the web page; otherwise, it checks the Allow criteria. If the requested page matches the Allow criteria, HTTP Proxy allows the web page; otherwise, HTTP Proxy denies the web page. Logging: Every match on the Deny criteria is always logged. For matches on the Allow criteria, HTTP Proxy checks whether the page is configured in the Filter Log; if it is not, the allowed request is logged as well. |
URL | To deny specific sub-URLs under the main URL, admins must specify these sub-URLs here. The match type can be a) Exact, to enter the exact URL as is; b) Contains, to restrict all URLs that contain specific words; c) Regex, to define URLs by regex; or d) Is empty, if the sub-URL is empty. Even if the main URL is configured as a device, as outlined in the previous section, it should be allowed in the HTTP policy as well. Generally, the regex .* is used to allow the main URL and all sub-URLs. Another policy can then be defined to deny the sub-URLs that should be denied. |
Header Name | A sub-web page can be restricted by a header. The Header Name should be written here, and the keywords should be defined in the Header field. |
Header | The Header option is used if an admin user wants to restrict the web page by a keyword in a header. The name of the header that carries the keyword should be configured in the Header Name field. The match type can be a) Exact, b) Contains, c) Regex, or d) Is empty. |
Content | Web pages can also be denied because of a word in the web page content. The match type can be a) Exact, b) Contains, c) Regex, or d) Is empty. |
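
The evaluation order and logging behaviour described in the Type and URL rows can be checked offline with a small model before policies are rolled out. This is an added example, not Kron PAM code. The Rule class, the rule-type labels, the sample policies, whole-string regex matching and logging of the default denial are all assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    rule_type: str   # "deny", "allow" or "filter_log" (labels assumed for this sketch)
    match: str       # "exact", "contains", "regex" or "is_empty"
    value: str = ""

    def matches(self, sub_url: str) -> bool:
        if self.match == "exact":
            return sub_url == self.value
        if self.match == "contains":
            return self.value in sub_url
        if self.match == "regex":
            # Assumption: the pattern has to cover the whole sub-URL.
            return re.fullmatch(self.value, sub_url) is not None
        if self.match == "is_empty":
            return sub_url == ""
        raise ValueError(f"unknown match type: {self.match}")

def evaluate(rules, sub_url):
    """Return (decision, logged) for one request under the main URL."""
    def hit(rule_type):
        return any(r.rule_type == rule_type and r.matches(sub_url) for r in rules)

    if hit("deny"):
        return "deny", True                    # Deny is checked first, always logged
    if hit("allow"):
        return "allow", not hit("filter_log")  # logged unless the Filter Log matches
    # No Allow match: denied. Assumption: logged like any other denial.
    return "deny", True

# Constructed sample policies: allow everything, deny one area, filter noisy logs.
POLICIES = [
    Rule("allow", "regex", ".*"),
    Rule("deny", "contains", "settings"),
    Rule("filter_log", "contains", "static"),
]

if __name__ == "__main__":
    for url in ["", "/feed", "/settings/security", "/static/logo.png"]:
        print(repr(url), evaluate(POLICIES, url))
```

Removing the `.*` Allow rule from the sample set denies every request, including the main URL itself, which is why the URL row calls for allowing the main URL explicitly.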
