Restricting users to a defined list of URLs

Documentation | Support

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Refine Your Policies > Restricting users to a defined list of URLs

Restricting users to a defined list of URLs

Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x

Related topics:

Limited access filters and enforcement order

Creating a limited access filter

Editing a limited access filter

Limited access filters provide a very precise method of granting Internet access. Each limited access filter is a list of individual URLs, IP addresses, or regular expressions. Like category filters, limited access filters are added to policies and enforced during a specified time period. When a limited access filter is active in a policy, users assigned that policy can visit only websites in the list. All other sites are blocked.

For example, if the First Grade policy enforces a limited access filter that includes only certain educational and reference sites, students governed by the First Grade policy can visit only those sites, and no others.

When a limited access filter is active, a block page is returned for any requested URL not included in that filter.

Web protection software can support up to 2,500 limited access filters containing 25,000 URLs in total.

Limited access filters and enforcement order

When multiple group policies apply to a user, the Use most restrictive group policy setting (see Enforcement order) determines which one is used to manage the user's requests. By default, this setting is off.

Filtering Service determines which setting is less restrictive at the filter level. In cases where a user might be assigned to multiple policies, one of which is enforcing a limited access filter, "less restrictive" may sometimes seem counterintuitive.

When Use most restrictive group policy is OFF:

If the Block All category filter and a limited access filter could apply, the limited access filter is always considered less restrictive.

If any other category filter and a limited access filter could apply, the category filter is considered less restrictive.

This means that even when the limited access filter permits the site and the category filter blocks the site, the site is blocked.

When Use most restrictive group policy is ON, a limited access filter is considered more restrictive than any category filter except Block All.

The table below summarizes how the Use most restrictive group policy setting affects policy enforcement when multiple policies could apply:


	Use most restrictive group policy OFF	Use most restrictive group policy ON
limited access filter + Block All category filter	limited access filter (request permitted)	Block All (request blocked)
limited access filter + permitted category	category filter (request permitted)	limited access filter (request permitted)
limited access filter + blocked category	category filter (request blocked)	limited access filter (request permitted)
limited access filter + Quota/Confirm category	category filter (request limited by quota/confirm)	limited access filter (request permitted)

Go to the table of contents

Go to the previous page

Go to the next page

View or print as PDF

Refine Your Policies > Restricting users to a defined list of URLs

Copyright 2023 Forcepoint. All rights reserved.