cancel
Showing results for 
Search instead for 
Did you mean: 
imtrying
Level 10

Allowing a subset of users access to Facebook

Jump to solution

I would like to allow a subset of my authenticated users access to Facebook.  I have authenticated them with an AD group 'webusers' and have a URL policy for 'webusers'  I would like to have a rule that allows a specific AD group(FB Users) access to Facebook.  One of the challange's that I have is that we block social Media categorically for the agency.

So how can I allow FB users aroung the social media block in the webusers URL Filtering?

I think that I have a grasp of how to do it.  I would add the rule above the block that says if Authentication.userGroups contains FB Users and URL is Facebook.com Stop rule set.  but, then the EnableSafeSearchEnforcer would not run is that an issue. 

Thanks

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: Allowing a subset of users access to Facebook

Jump to solution

Here is a three-part series on using MWG7.

http://www.youtube.com/watch?v=8lMxpDYA5Wg

http://www.youtube.com/watch?v=D56wGhy6qkk

http://www.youtube.com/watch?v=LnU0Xh5_nIQ

Right at the end of the second video and at the beginning of the third video it discusses authentication and using AD groups for that use case you describe. Pause it at the 0:41 second mark and you'll see the rule that does this.

Basically you need a Stop Rule Set for

URL.Categories contains Social Networking AND

Authentication.UserGroup equals "FB Users"

Placed right above the Category Block List rule.

Edit: Authentication.Attributes that are described in the video have now been changed to Authentication.UserGroups in 7.1, but they are the same thing.

Message was edited by: eelsasser on 9/8/11 5:16:28 PM EDT
0 Kudos
5 Replies
eelsasser
Level 15

Re: Allowing a subset of users access to Facebook

Jump to solution

Here is a three-part series on using MWG7.

http://www.youtube.com/watch?v=8lMxpDYA5Wg

http://www.youtube.com/watch?v=D56wGhy6qkk

http://www.youtube.com/watch?v=LnU0Xh5_nIQ

Right at the end of the second video and at the beginning of the third video it discusses authentication and using AD groups for that use case you describe. Pause it at the 0:41 second mark and you'll see the rule that does this.

Basically you need a Stop Rule Set for

URL.Categories contains Social Networking AND

Authentication.UserGroup equals "FB Users"

Placed right above the Category Block List rule.

Edit: Authentication.Attributes that are described in the video have now been changed to Authentication.UserGroups in 7.1, but they are the same thing.

Message was edited by: eelsasser on 9/8/11 5:16:28 PM EDT
0 Kudos
imtrying
Level 10

Re: Allowing a subset of users access to Facebook

Jump to solution

That is how I had it, but I this will allow them to all social network sites.  I was trying to limit them to just having the ability to access and use facebook, so I added AND URL equals "http://www.facebook.com/" with the Stop Rule Set action, but this does not appear to work correctly.  It loads but the page is not formatted correctly (see below)

Name:
Allow FB access to Specific users

Comment:

Rule Criteria:
URL equals "http://www.facebook.com/" AND
URL.Categories<Cloud Lookup Only> contains Social Networking AND
Authentication.UserGroups contains "FB Users"

Action:
Stop Rule Set

Events:

Any suggestions.

Message was edited by: imtrying on 9/9/11 7:55:39 AM CDT
0 Kudos
asabban
Level 17

Re: Allowing a subset of users access to Facebook

Jump to solution

Hello,

I think there is something not matching with the rules you built.

Some notes to consider:

- You probably don´t want to use "equals" and URL combined. If you say URL equals http://www.facebook.com the rule will only match this specific URL, but it won´t match on https://www.facebook.com or even http://www.facebook.com/login.php which you will need to access the site at all.

- A better approach may be "URL.Host" equals "www.facebook.com" OR something like "URL" matches "*://www.facebook.com*"

- You will most likely need more than www.facebook.com. Most content comes from "static.ak.fbcdn.net", which is the Content Delivery Network behind facebook.com. They need to be added as well.

Maybe you want to share your rules with us, it might help to figure out what helps.

Edit: The screenshot you posted is most likely a result of not having the CDN whitelisted as well!

best,

Andre

Nachricht geändert durch asabban on 09.09.11 07:59:22 CDT
0 Kudos
imtrying
Level 10

Re: Allowing a subset of users access to Facebook

Jump to solution

Adding these wildcards looks like it fixed FB.

I also changed the rule to read URL matches in list:

1*www.facebook.com*
2*static.ak.fbcdn.net*
3*fbcdn.net*
4*profile.ak.fbcdn.net*

Do you see anything that I might have missed?

Thanks for the help.  This is an awsome resource.

0 Kudos
asabban
Level 17

Re: Allowing a subset of users access to Facebook

Jump to solution

Hello,

basically "*fbcdn.net*" already includes "static.ak.fbcdn.net" and "profile.ak.fbcdn.net", so you only need that entry. Anyway it does not hurt :-)

I think you may also want to add apps.facebook.com, in case Apps should be allowed. But besides that I think you should be done. I am not aware of more URLs - which doesn´t mean there are none, of course.


Thank you for sharing the information with us. I hope you enjoy the product and our community.

best,

Andre

0 Kudos