HTTP Policy Configuration

http policies define which webpages are permitted or denied http logs can be filtered while searching the main url is configured in the previous section this section details how to configure the http policy to either allow or deny the pages under the main url for example, if the main url is “facebook com”, policies are only applicable to facebook com and its sub urls the following steps define how to configure http policies in single connect navigate to policy control > session policy open the http policy tab create an http policy by filling in the proper fields description description for the web page just a definition field type allow = allowed sub urls of the main url need to be configured as allow deny = if there is a permitted main url and an admin wants to deny a related sub url, the sub url needs to be configured as deny filter log = to filter the http logs defined in this field this is a tool to avoid unnecessary logs there could be more than one http policy defined for a webpage if so, the http proxy checks the “deny” criteria first if the requested webpage matches the “deny” criteria, the http proxy will deny the webpage if it does not match any “deny” criteria, it checks for any “allow” criteria if the requested page matches the “allow” criteria, the http proxy will allow the webpage if it does not find any “allow” criteria, the http proxy will deny the webpage all denied criteria are logged indisputably if the url is configured as “allow”, the http proxy checks if it is configured in the filter log if it is not in the filter log, then allowed logs are stored as well url if an admin wants to deny specific sub urls under the main url, these sub urls should be specified here the url can be defined as “exact”, “contains”, “regex”, and “is empty” “exact” can be used if a url can be provided exactly if the admin wants to restrict all urls containing specific words, then “contains” can be used urls can also be defined by regex, and in this case “regex” can be used “is empty” can be used if the sub url is empty even if the main url is configured as a device as per the previous section, it needs to be allowed in the http policy as well generally, “regex ” is used to allow the main url and all its sub urls then, another policy can be defined to deny the needed sub urls header name a sub webpage can be restricted by the header the header name needs to be added here and the keywords should be defined in the “header” field header if the admin wants to restrict the webpage with specific keywords in the header, this option can be used the keyword header name needs to be configured in the “header name” field “exact”, ”contains”, “regex”, and “is empty” can be used here content webpages can also be denied due to a word in the webpage content “exact”, ”contains”, “regex”, and “is empty” can be used here