HTTP Policy Configuration
HTTP policies define which web pages are permitted or denied. HTTP logs can be filtered while searching. The main URL is configured in the previous section. This section details how to configure the HTTP policy to either allow or deny the pages under the main URL. For example, if the main URL is “facebook.com”, policies are only applicable to facebook.com and its sub-URLs. The following steps define how to configure HTTP policies in Kron PAM:
- Navigate to Policy Control > Session Policy.
- Open the HTTP Policy tab.
- Create an HTTP Policy by filling in the proper fields.
| Field | Description |
|---|---|
| Description | Description of the web page. This is a descriptive field only. |
| Type | Allow = Allowed sub-URLs of the main URL need to be configured as ALLOW. Deny = If the main URL is permitted and an admin wants to deny a related sub-URL, that sub-URL needs to be configured as DENY. Filter Log = Filters the HTTP logs defined in this field; it is a tool to avoid unnecessary logs. More than one HTTP policy can be defined for a webpage. In that case, the HTTP proxy checks the “Deny” criteria first. If the requested webpage matches a “Deny” criterion, the HTTP proxy denies the webpage. If it does not match any “Deny” criterion, the proxy checks the “Allow” criteria. If the requested page matches an “Allow” criterion, the HTTP proxy allows the webpage. If no “Allow” criterion matches, the HTTP proxy denies the webpage. Denied requests are always logged. If the URL is configured as “Allow”, the HTTP proxy checks whether it is also configured in the Filter Log. If it is not in the Filter Log, the allowed request is logged as well. |
| URL | If an admin wants to deny specific sub-URLs under the main URL, these sub-URLs should be specified here. The URL can be defined as “Exact”, “Contains”, “Regex”, or “Is empty”. “Exact” can be used if the URL can be provided exactly. If the admin wants to restrict all URLs containing specific words, “Contains” can be used. URLs can also be defined by a regular expression, in which case “Regex” can be used. “Is empty” can be used if the sub-URL is empty. Even if the main URL is configured as a device as per the previous section, it needs to be allowed in the HTTP policy as well. Generally, “regex .*” is used to allow the main URL and all its sub-URLs. Then another policy can be defined to deny the required sub-URLs. |
| Header Name | A sub webpage can be restricted by a header. The header name needs to be added here, and the keywords should be defined in the “Header” field. |
| Header | If the admin wants to restrict the webpage based on specific keywords in a header, this option can be used. The header name needs to be configured in the “Header Name” field. “Exact”, “Contains”, “Regex”, and “Is empty” can be used here. |
| Content | Webpages can also be denied because of a word in the webpage content. “Exact”, “Contains”, “Regex”, and “Is empty” can be used here. |
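
The evaluation order described under Type can be modelled in a few lines to sanity-check a policy set before it is entered. This is an added illustration, not Kron PAM code: the `Policy` class and the `matches` and `evaluate` functions are hypothetical names, only the URL criterion is modelled (not Header or Content), and it assumes that a regex must match the whole sub-URL and that the sub-URL is the part of the address after the main URL.

```python
import re
from dataclasses import dataclass

@dataclass
class Policy:
    kind: str        # "Allow", "Deny" or "Filter Log" (the Type field)
    match: str       # "Exact", "Contains", "Regex" or "Is empty"
    value: str = ""  # the URL criterion

def matches(policy, sub_url):
    """Apply one URL criterion to the sub-URL."""
    if policy.match == "Exact":
        return sub_url == policy.value
    if policy.match == "Contains":
        return policy.value in sub_url
    if policy.match == "Regex":
        # Assumption: the pattern has to match the whole sub-URL.
        return re.fullmatch(policy.value, sub_url) is not None
    if policy.match == "Is empty":
        return sub_url == ""
    raise ValueError(f"unknown match type: {policy.match}")

def evaluate(policies, sub_url):
    """Return (decision, logged) following the documented order."""
    def hit(kind):
        return any(p.kind == kind and matches(p, sub_url) for p in policies)
    if hit("Deny"):
        return "deny", True                 # Deny is checked first, always logged
    if not hit("Allow"):
        return "deny", True                 # no Allow match: denied and logged
    return "allow", not hit("Filter Log")   # allowed: logged unless filtered

# Constructed policy set: allow everything, deny one area, filter static assets.
POLICIES = [
    Policy("Allow", "Regex", ".*"),
    Policy("Deny", "Contains", "/settings"),
    Policy("Filter Log", "Regex", r".*\.(css|png|js)"),
]

if __name__ == "__main__":
    for path in ["", "/profile", "/settings/security", "/static/app.css"]:
        print(repr(path), evaluate(POLICIES, path))
```

Removing the “regex .*” Allow entry from the constructed set makes every request come back as denied, which is why the main URL has to be allowed in the HTTP policy even when it is already configured as a device.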