Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Refine Web Security Policies > Restricting users to a defined list of URLs > Limited access filters and enforcement order
Limited access filters and enforcement order
Web Security Help | Web Security Solutions | Version 7.8.x
In some cases, more than one policy could apply to a single user. This happens when a user belongs to more than one group, and the groups are governed by different policies.
When multiple group policies apply to a user, the Use more restrictive blocking setting (see Enforcement order) determines which one is used to respond to the user's requests. By default, this setting is off.
Filtering Service determines which setting is less restrictive at the filter level. In cases where a user might be assigned to multiple policies, one of which is enforcing a limited access filter, "less restrictive" may sometimes seem counterintuitive.
When Use more restrictive blocking is OFF:
*
If the Block All category filter and a limited access filter could apply, the limited access filter is always considered less restrictive.
*
This means that even when the limited access filter permits the site and the category filter blocks the site, the site is blocked.
When Use more restrictive blocking is ON, a limited access filter is considered more restrictive than any category filter except Block All.
The table below summarizes how the Use more restrictive blocking setting affects policy enforcement when multiple policies could apply:
limited access filter +
Block All category filter
Block All
(request blocked)

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Refine Web Security Policies > Restricting users to a defined list of URLs > Limited access filters and enforcement order
Copyright 2016 Forcepoint LLC. All rights reserved.