How To: Allow a specific Website for a Single User
Allowing a specific website for a specific user(s)
To allow access to certain websites for certain users, there are two methods that can be used:
Option 1 – Create a Custom Access Policy to deny the specific website(s), and exclude the desired user(s):
-
Exclude the websites/masks from their current category
-
Include the websites/masks into a new custom category
Note: Be sure to exclude the domain of the redirect page that will be used from the new category (i.e. *.burstek.com/*;*//burstek.com/*). This will ensure that the redirect page is displayed when the new category is blocked.
-
Create a new Custom Access Policy that will deny the newly-created category with the desired website(s).
-
Apply the newly-created Custom Access Policy to all desired users
-
Either exempt, or do not apply the CAP to the users that should have access to the newly-created category.
As an example:
-
User JDoe has a Custom Access Policy, named CAP1, which is applied to a group that he is a part of. CAP1 blocks the Social Networking category.
-
You want JDoe to be allowed to http://www.facebook.com, but don’t want the rest of the AD group to be allowed to this site.
-
Follow the below steps to implement the desired filtering:
-
Exclude the following masks from the ‘Social Networking’ category:
*//facebook.com/*;*.facebook.com/*;www.facebook.com:443
-
Create a ‘Facebook’ category, and include the same masks that were excluded from the ‘Social Networking’ category:
*//facebook.com/*;*.facebook.com/*;www.facebook.com:443
-
Exclude the domain that is used for the redirect page from the new ‘Facebook’ category (i.e. for the default redirect page, *//burstek.com/*;*.burstek.com/* should be excluded)
-
Create a new Custom Access Policy (named CAP2 for this example) to deny the ‘Facebook’ category.
-
Add the new ‘Facebook’ category to the deny tab of CAP2.
-
Apply CAP2 to all users that should be denied from the ‘Facebook’ category.
-
Exempt the desired users from CAP2, so that they are able to access to ‘Facebook’.
Note: Nested groups can also be included in the ‘Exemptions’ tab of a Custom Access Policy.
Option 2 – Duplicate the policy, while excluding the desired website(s):
-
Exclude the websites/masks from their current category
-
Include the websites/masks into a new custom category
Note: Be sure to exclude the domain of the redirect page that will be used from the new category (i.e. *.burstek.com/*;*//burstek.com/*). This will ensure that the redirect page is displayed when the new category is blocked.
-
Ensure that the old Custom Access Policies that blocked the sites through the old category now block the additional category as well.
-
Exclude the user(s) from the Custom Access Policies that block the new category
-
Create a new Custom Access Policy that blocks the same categories, except for the newly created one.
As an example:
- User JDoe has a Custom Access Policy, named CAP1, which is applied to a group that he is a part of. CAP1 blocks the Social Networking category.
- You want JDoe to be allowed to http://www.facebook.com, but don’t want the rest of the AD group to be allowed to this site.
Follow the below steps to implement the desired filtering:
-
Exclude the following masks from the ‘Social Networking’ category:
*//facebook.com/*;*.facebook.com/*;www.facebook.com:443
-
Create a ‘Facebook’ category, and include the same masks that were excluded from the ‘Social Networking’ category:
*//facebook.com/*;*.facebook.com/*;www.facebook.com:443
-
Exclude the domain that is used for the redirect page from the new ‘Facebook’ category (i.e. for the default redirect page, *//burstek.com/*;*.burstek.com/* should be excluded)
-
In CAP1, add the new ‘Facebook’ category to the deny tab.
-
Exempt user JDoe from CAP1.
Note: Nested groups can also be included in the ‘Exemptions’ tab of a Custom Access Policy.
-
Create a new Custom Access Policy for user JDoe (CAP2). This CAP should deny the same categories as CAP1, minus the ‘Facebook’ category.
-
Apply CAP2 to user JDoe. To do this:
-
Right-click your domain under ‘Access Rules’, then click ‘Properties’
-
Click the ‘Individual Rights’ tab
-
Click the ‘Add’ button, then add the ‘JDoe’ user
-
Click ‘Edit’ and navigate to the ‘Custom Access Policies’ tab
-
Select the newly created Custom Access Policy (CAP2)
-