cancel
Showing results for 
Search instead for 
Did you mean: 
blackinux
Level 9

How to control users from using all Cloud Data Services using Webgateway?

Hi,

Am trying to control users from accessing or posting data to Cloud Data Services, so far am using url in list approach, but this way is not that efficient. It’s there any way I can create a policy access that cover all cloud data services without having to write one by one. Thanks!

0 Kudos
3 Replies
eelsasser
Level 15

Re: How to control users from using all Cloud Data Services using Webgateway?

You could do it by the category, Personal Network Storage with URL exceptions for some login urls., so the login doesn't get blocked.

0 Kudos
blackinux
Level 9

Re: How to control users from using all Cloud Data Services using Webgateway?

I dont see that rule in my list, am using Webgateway 7.2.0.2. Thanks.

0 Kudos
eelsasser
Level 15

Re: How to control users from using all Cloud Data Services using Webgateway?

You would have to write your own rule set. Something like this:

Read Only: Web

[Prevent POSTing of data to Categories, Applications, or Sites. This effectively makes sites Read Only.]

[] Enabled [] Enabled in Cloud
Applies to: [
] Requests [] Responses [] Embedded Objects
1: Command.Name equals "POST"

Enabled

Rule

Action

Events

Comments

[] Enabled

ReadOnly: Allowed Users or Groups
1: Authentication.UserName is in list ReadOnly: Allowed Users or Groups
2: OR Authentication.UserGroups at least one in list ReadOnly: Allowed Users or Groups

Stop Rule Set

Exception Users or Groups that are allowed to POST

[] Enabled

ReadOnly: Allowed URLs
1: URL matches in list ReadOnly: Allowed URLs

Stop Rule Set

Exception URLs that are allowed to POST

[] Enabled

ReadOnly: Categories
1: URL.Categories<URL Filter: Default> at least one in list ReadOnly: Categories

Block<Application Control>

Statistics.Counter.Increment("BlockedByApplControl",1)<Default>

Categories that are not allowed to POST

[] Disabled

ReadOnly: Sites
1: URL.SmartMatch(ReadOnly: Sites°) equals true

Block<Application Control>

Statistics.Counter.Increment("BlockedByApplControl",1)<Default>

Sites that are blocked from POSTing.

.

and select Personal Network Storage in the ReadOnly: Categories

The ReadOnly: Allowed URLs list would have something like this:

#ReadOnly: Allowed URLsException URLs that are allowed to POST
Wildcard ExpressionComment
1*login*Generic logon URL
2*logon*Generic logon URL
3*logout* Generic logout URL
4*logoff*Generic logout URL
5*auth* Generic authenticate URL
0 Kudos