Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Adding or editing an exception
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
Use the Policy Management > Exceptions > Add Exception or Edit Exception page to create or update an exception that overrides standard policy enforcement to block or permit specific websites for specific clients.
1.
Enter or update the unique, descriptive Name for the exception. The name must be between 1 and 50 characters long, and cannot include any of the following characters:
* < > ` ' { } ~ ! $ % & @ # " [ ] | \ ^ + = ? / ; : . ,
2.
In the URLs field, list the URLs or IP addresses to be permitted or blocked by the exception.
*
If you enter a URL in the format domain.com, both the domain and its subdomains (www.domain.com, subdomain.domain.com) are matched.
*
*
*
*
*
*
*
*
*
Enter one URL or IP address per line.
3.
*
Check Permit only when accessed via a specific site.
*
Under Approved Referer URLs, enter the sites from which access should be granted.
Access to the sites in the URLs list will be permitted only if they are accessed from an approved referer URL.
 
Note 
4.
Specify which Clients are affected by this exception.
Super Administrators can create:
*
Global exceptions that apply to all clients in all roles.
If you select this option, also specify whether or not to Allow delegated administrators to create exceptions that override this exception (see Overriding an exception).
*
Exceptions that apply to All clients in a role.
After selecting this option, select a role from the drop-down list.
*
Exceptions that apply to Specific clients in any role.
After selecting this option, you are offered 2 lists. One (on the left) shows all clients that have been Defined: added as managed clients in a delegated administration role, added to the Clients page in any role, or added to an exception. The other (on the right) shows clients Selected for this exception.
Search boxes appear above each list to help you quickly find clients to add or remove.
To add a client to the exception that does not appear in the list on the left, click Add Other Clients, then add user, group, computer (IPv4 or v6 address), or network (IPv4 or v6 address range) clients.
 
Important 
*
Delegated administrators can create exceptions that apply to All managed clients in this role or Specific clients in this role.
If you select the latter option, you are offered 2 lists. One (on the left) shows all clients Defined in your Managed Clients list and Clients page. The other (on the right) shows the clients Selected for this exception.
*
*
If a client does not appear in the Defined clients list, that individual is likely a member of a group, OU, or network (IP address range) defined as a managed client in your role. To add such a client, click Add Other Clients, then specify the user, group, or IPv4 or v6 address that you want to add.
5.
Specify the exception Type. This determines whether to Block or Permit the listed URLs for the specified clients.
If Permit only when accessed via a specific site was selected, Type was automatically set to Permit and cannot be changed.
6.
*
If you select Never, the exception is used until you delete it, or edit it to add an expiration date.
*
If you select After, enter an expiration date in the format mm/dd/yyyy, or click the calendar icon to select a date. The exception expires at midnight (based on the time set on the Filtering Service machine), when the selected day ends.
7.
Determine the exception State. By default, the exception is Active, and is immediately enforced after you cache and save your changes. If you do not want the exception to be used at this time, clear the check box.
8.
*
*
*
To override this security feature, click Advanced, then clear the Block URLs that become a security risk, even if they are permitted by exception check box.
Making this change is not recommended.
9.
To use regular expressions to define URLs that are permitted or blocked by exception, click Advanced, then enter one expression per line in the Regular expressions box.
Regular expressions can be used with exceptions that have Permit only when accessed via a specific site enabled.
To validate the expressions that you create, click Test Regular Expression. Expressions that are not supported cannot be used. See Using regular expressions for details.
Note that using large numbers of regular expressions, or using poorly-formed or overly-broad expressions, can lead to a significant decrease in performance.
10.
When you are finished making changes, click OK to cache your changes and return to the Exceptions page. Changes are not implemented until you click Save and Deploy.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Copyright 2020 Forcepoint. All rights reserved.