Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Web Protection Frequently Asked Questions : How is a policy or exception assigned to a request?
How is a policy or exception assigned to a request?
Web Protection FAQ | Web Protection Solutions | v8.2.x, v8.3.x | 16-Dec-2016
Web protection policies are used to determine how to respond to a user request for a website or Internet application. Exceptions allow administrators to identify specific websites that should be handled in a different manner than is defined in policies.
Exceptions and policies can be applied to directory clients (user, group, or OU) or computer and network clients (individual IP addresses or IP address ranges). It is therefore possible to have a policy for all of the following:
*
*
*
*
In situations where there are multiple exceptions or policies as described above, the service handling the request uses a precedence order to figure out the most applicable exception or policy:
*
User > Computer > Network > Group > OU (default)
User > Group > OU > Computer > Network
For more information about configuring the Filtering Service precedence order, see "Prioritizing group and domain policies" (version 8.3 or version 8.2).
*
User > Group > OU > IP address (filtered location)
Exceptions take precedence over policies. The general rules for determining which exception to apply are:
*
Super Administrator exceptions take precedence over exceptions created by delegated administrators, unless the Super Administrator has configured an option to allow delegated administrator exceptions take precedence.
*
*
*
*
*
If no applicable exceptions are found, the service determines which policy to apply:
*
*
*
*
If multiple group policies apply to the same user, and no higher-priority policy applies, precedence is applied based on the Use most restrictive group policy setting set on the Settings > General > Filtering page in the Web module of the TRITON Manager.
*
If the option is selected, the request is blocked if any of the applicable policies blocks the URL category.
*
If the option is not selected, the request is permitted if any of the applicable policies permits the URL category.
*
*
*
*
The Manage Role Priority option in Delegated Administration sets precedence when a user is in multiple groups managed by different delegated administrator roles.
*

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Web Protection Frequently Asked Questions : How is a policy or exception assigned to a request?
Copyright 2016 Forcepoint LLC. All rights reserved.