Web Protection Policies > Enforcement order > Responding to a URL request
|
1.
|
Checks the active protocol filter and determines whether any non-HTTP protocols are associated with the request.
|
2.
|
Attempt to match the site to an entry in the Recategorized URLs list for use later in the policy enforcement process. (SeeReclassifying specific URLs for details on recategorized URLs.)
|
|
If a match is not made, use the category from the Forcepoint URL Database.
|
3.
|
|
If there is a block exception, block the site.
|
|
If there is a permit exception, permit the site.
|
|
If the cloud app is explicitly permitted in the cloud app filter, not included in the cloud app filter, or explicitly permitted in a policy exception, the list of managed cloud applications on the Settings > CASB Configuration > Protected Cloud Apps page is read.
|
|
If the policy being applied is configured to Forward traffic to Forcepoint CASB on the Protected Cloud Apps page and if the app has been selected as an app to be managed by CASB Enforcement, the request is forwarded to CASB Enforcement.
|
|
If the policy being applied is configured to Forward traffic to Forcepoint CASB on the Protected Cloud Apps page and if the cloud app is permitted but is not a selected managed cloud app, Filtering Service handles the request.
|
|
If the policy being applied is not configured to Forward traffic to Forcepoint CASB on the Protected Cloud Apps page, Filtering Service handles the request.
|
|
If Block all high risk apps is enabled and the cloud app is considered high risk, the request is blocked unless the cloud app is explicitly permitted.
|
|
If the cloud app filter does not list the cloud app as specifically blocked or permitted, and Block all high risk apps is not enabled, continue to the next step.
|
5.
|
Determines which category filter or limited access filter the policy enforces for the current day and time.
|
|
If the active category filter is Permit All, permit the site.
|
|
If the active category filter is Block All, block the site.
|
|
If the filter is a limited access filter, check whether the filter contains the URL or IP address. If so, permit the site. If not, block the site.
|
|
If the action is Block, block the site.
|
8.
|
Checks for Bandwidth Optimizer settings in the active category filter (see Using Bandwidth Optimizer to manage bandwidth).
|
9.
|
Checks for file type restrictions applied to the active category (see Managing traffic based on file type).
|
10.
|
Checks for blocked keywords in the URL and CGI path, if keyword blocking is enabled (see Keyword-based policy enforcement).
|
|
Permit: Permit the site.
|
|
Limit by Quota: Display the block message with an option to view the site using quota time or go back to the previous page.
|
|
Confirm: Display the block message with the option to view the site for work purposes.
|
Web Protection Policies > Enforcement order > Responding to a URL request
|