cancel
Showing results for 
Search instead for 
Did you mean: 

How to block access to non-company sites for IE only.

Hello,

Still pretty new to MWG.   We are running version 7.2.0.5.   I have a new scenario our security dept. would like to test on certain machines for now, to be rolled out on a wider scale after it has been tested.     They would like to block access to non-company sites via IE but allow a list of allowed domains to be accessed, some internal and some external.   They would like to force users to use Chrome instead.

Additionally they would like to block all Java applets from untrusted domains or based on site categorization in the Proxy.    In this case it wouldn't matter what browser they are using.

Could someone give me a hand and give me some recommended steps to accomplishing these tasks?

Thank you in advance,

John Gennaro

Message was edited by: john-gennaro on 5/21/13 1:03:13 PM CDT
7 Replies
Reliable Contributor exbrit
Reliable Contributor
Report Inappropriate Content
Message 2 of 8

Re: How to block access to non-company sites for IE only.

Moved from Community Help to Business > Web Gateway for better attention.

Re: How to block access to non-company sites for IE only.

Thanks Peter

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: How to block access to non-company sites for IE only.

Hi John,

How are you deploying the Web Gateway? Direct proxy or transparent setup?

Reason I ask, only direct proxy would allow for MWG to see the User-Agent for SSL requests.

For more information on User-Agents check out this article:

https://community.mcafee.com/docs/DOC-4804

Best,

Jon

Re: How to block access to non-company sites for IE only.

Hi Jon,

Direct Proxy.    Thanks for the article.   I think this will assist with the first question.   Any thoughts on the question of blocking all Java applets from untrusted domains?

Thank you in advance,

John

alexn
Level 14
Report Inappropriate Content
Message 6 of 8

Re: How to block access to non-company sites for IE only.

https://community.mcafee.com/servlet/JiveServlet/showImage/38596/1.0.0_belongs_whitelist.png

In this image do u see URL filtering.I think this will hep you.

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: How to block access to non-company sites for IE only.

Hi John,

Here is a very abbreviated example, it can be expanded on much more:

You could do something like:

-Criteria:

(Header.Request.Get(User-Agent) matches *java* OR

URL.Extension matches *.jar OR

URL.Extension matches *.class) AND

URL.Host is not in list Trusted Java domains

-Action: Block

Best,

Jon

Re: How to block access to non-company sites for IE only.

Jon,

Thank you for those suggestions, I will give them a try.

Best,

John

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community