cancel
Showing results for 
Search instead for 
Did you mean: 
ois_sec
Level 7

Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

Good Morning,

So I have a list of users (20 plus) who need to be blocked from accessing the internet and only allow access to specific websites.

I have successfully created my filters by URL of approved websites. The issue I am having is defining the users to whom this will apply to.

I did create a user group in which the users are assgned in AD but cannot find a way to apply this in the rule for the proxy.

Any assistance would be appreciated.

Apologies in advance. I inherited several McAfee products and am doing my best to learn about them.

0 Kudos
1 Solution

Accepted Solutions
andyclements
Level 12

Re: Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

The property you are looking for is Authentication.UserGroups.  You can use this to check what groups the users are once they are authenticated.

I would set it up as 'Authentication.UserGroups' 'contains' <value> or 'Authentication.UserGroups' 'at least on in list' <MWG list name>.

6 Replies
exbrit
Level 21

Re: Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

Hi, could you clarify by name the McAfee product you are using so I can redirect this into the actual software sub-forum?

0 Kudos
ois_sec
Level 7

Re: Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

Apologies for that. The product is for McAfee Web Gateway 7. Appreciate your assistance.

0 Kudos
exbrit
Level 21

Re: Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

OK thanks.  Moved.

0 Kudos
andyclements
Level 12

Re: Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

The property you are looking for is Authentication.UserGroups.  You can use this to check what groups the users are once they are authenticated.

I would set it up as 'Authentication.UserGroups' 'contains' <value> or 'Authentication.UserGroups' 'at least on in list' <MWG list name>.

philiprey
Level 10

Re: Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

I second Andy's response.

In addition to that, you may also use username in case you dont have AD groups configured,

Authentication.UserGroups = AD group

Authentication.Username = domain users

You could create a list for either of these two and apply it in your policy. Your rule must be,

Authentication.Usergroups at least one in list <MWG group list> AND <URL list> with a "Stop Rule Set" action.

then set a blocking rule below that.

Regards,

Philip

ois_sec
Level 7

Re: Proxy - Block all sites and only allow specific sites for specific users.

Jump to solution

Appreciate the assistance Andy and Philipprey. Glad to know that I was atleast headed in the right direction. I just need to fix a couple of things and and the rule should be working as intended.

0 Kudos