Blue Coat SURF-1000-2499-2YR ユーザーズマニュアル
56
Administrator’s Guide
SurfControl Web Filter v5.5
R
ULES
A
DMINISTRATOR
Introduction
7
I
NTRODUCTION
This chapter explains how you use individual objects to build up rules that help you enforce your
Acceptable Use Policy. This will enable you to configure rules more accurately and precisely, to meet your
organization’s requirements. The rule object tabs are only visible if you have selected the default
Advanced view in the Rules Administrator. If you cannot see the Object tabs below the Rules panel, select
Advanced from the View menu.
Acceptable Use Policy. This will enable you to configure rules more accurately and precisely, to meet your
organization’s requirements. The rule object tabs are only visible if you have selected the default
Advanced view in the Rules Administrator. If you cannot see the Object tabs below the Rules panel, select
Advanced from the View menu.
To open the Rules Administrator, from the Web Filter Manager, select Content Protection > Rules
Administrator from the appropriate collector or database in the Navigation tree. The Rules Administrator
is also available from the Start > All Programs > SurfControl Web Filter menu.
Administrator from the appropriate collector or database in the Navigation tree. The Rules Administrator
is also available from the Start > All Programs > SurfControl Web Filter menu.
There are three types of rules:
•
Allow - This is the default setting for any new rule you create which uses positive filtering to give
access.
access.
•
Disallow - This type of rule uses negative filtering to deny access.
•
Allowance - This rule type uses a combination of positive and negative filtering to set up limits for
internet access. The allowance value can either be time based (allowing access for a predefined time
limit), or value based (allowing only a predefined amount of bandwidth to be consumed). Once
thisthese limits hasve been reached, access is blocked.
internet access. The allowance value can either be time based (allowing access for a predefined time
limit), or value based (allowing only a predefined amount of bandwidth to be consumed). Once
thisthese limits hasve been reached, access is blocked.
G
UIDELINES
F
OR
R
ULE
C
REATION
For best results, Surfcontrol recommends following these guidelines:
•
Place rules to be applied to individual or small groups near the top of the list. This is because rules are
processed from the top of the list downwards.
processed from the top of the list downwards.
•
Use When and Allowance objects carefully. Use reports such as Protocol Data Analysis or Protocol
Time Analysis to narrow down who these rules should apply to, before creating them. See the SRC
Administrators Guide for more details.
Time Analysis to narrow down who these rules should apply to, before creating them. See the SRC
Administrators Guide for more details.
•
Keep the number of rules to a minimum, to ensure the maximum efficiency of Web Filter.
•
Create, test and activate any global rules you create before creating user or group specific rules.
•
Ensure that only one person modifies rules at a time.
•
Ensure that the Monitor recognizes user names, to enable user based filtering.
•
Ensure auto-categorization is turned on in the Web Filter Service Settings Advanced tab. This is worth
checking if a destination specific rule is not working.
checking if a destination specific rule is not working.