How do I...
- Exclude a Group from a Custom Access Policy
- How to create an appropiate URL mask
- Add .PNG and/or .ICO file extension to Multimedia
- Manually change color of Chat or any category
- Block some categories 24 by 7, restrict others by bandwidth or time during specific hours
- Exempting users from an Internet access policy
- Setting a quota and applying it to a group
- Assigning a quota to specific users (not groups)
- Creating a custom category
- Excluding a Web site from a pre-defined category
- Replicating policies and settings across multiple servers
- Applying a single quota to all Internet access
Q: Exclude a Group from a Custom Access Policy?
WebFilter 4.50.26 and above, it is now possible to exclude nested Active Directory groups from their parent groups defined in a “Custom Access Policy”.
Nesting occurs when one group is made a member of another group, and the nested group inherits all of the privileges and permissions that are granted to the parent.
Consider the Following Example:
The members of the Active Directory group “Finance” who are a subgroup of the “Business Services” group need access to the “Financial” category in WebFilter but not all members of the “Business Service Group” should be granted access.
In the bt-Webfilter console, you can use the “Display Group Members” feature locate and exempt the “Financial Group” from the Custom Access Policy.
To exempt members of one group from another group's policy, do the following:
- Right click the ‘Custom Access Policy’ from which you wish to exempt a group
- Select "Properties"
- Select the “Exemptions” tab
- Select “Add”
- Select “User”
- Select “Browser Domain”
- The “Select Users or Groups” window appears
- Type in the name of the group (in this example, type “Finance”)
- Select “Check Names”
- The “Finance” group will now be underlined (Resolved to an existing Active Directory group)
- Select “OK”
- Select “OK” again
- Select Apply and OK
TOP
Q: How to create an appropiate URL mask?
Typically the user would use two masks to safely filter a certain domain into a desired category.
Following is how masks are input for the domain example.com:
*.example.com*;*//example.com*
Note that multiple masks can be entered at once when separated by a semicolon (;).By enclosing each mask in the wildcard asterisks (*), the navigation to example.com directly or by use of any sub-domain, top-level domain, or folder within (such as mail.example.com or example.com/example1.asp), would also be covered.
TOP
Q: Add .PNG and/or .ICO file extension to Multimedia?
- Right click the bt-LogAnalyzer Server in the left navigation tree
- Select Properties
- Click the Pseudo-Categories tab
- Select Multimedia
- Click the Change button
- Click the Add button
- The radio button for File Extensions should be selected by default
- Click the Drop-down arrow, scroll to .PNG, select it
- Click OK, OK, OK
- Note: Follow same instructions above to add .ico
TOP
Q: Manually change color of Chat or any category?
- Open the LogAnalyzer MMC
- Right click bt-LogAnalyzer Server from the left navigation pane
- Select Properties
- Click the Colors tab
- Scroll down and highlight Chat (or any other category)
- Click the Change button from the popup window
- Click the Select button
- Select the appropriate color
- Click OK, OK, and OK
TOP
Q: Block some categories 24 by 7, restrict others by bandwith or time during specific hours?
Block 'legal liability' Web sites containing XXX, Criminal Skills, Extreme & Violent, Gambling, Hate Speech, and Hacking for all users, all day, every day.
For those same users, allow access to Entertainment, Humor, Shopping, and Sports categories before and after normal business hours and during lunch period. Additionally for the same group of users, limit the amount of time or bandwidth for each user for the ‘Entertainment,’ ‘Humor,’ ‘Shopping,’ and ‘Sports.’
After starting the bt-WebFilter management console:
- Create a Schedule for the 'Allow' periods for Sports, etc.
- Right-click Schedules in the left navigation tree, select 'New Schedule'
- Click Properties
- Hold down the left mouse button dragging to select appropriate time period
- Click the Active radio button
- Click Apply and OK
- Create a Schedule for the 'Deny' periods for Sports, etc.
- Right-click Schedules in the left navigation tree, select 'New Schedule'
- Click Properties
- Hold down the left mouse button dragging to select appropriate time period
- Click the Active radio button
- Click Apply and OK
- Create a Quota for Entertainment, Sports, etc.
- Right-click Schedules in the left navigation tree, select 'New Quota'
- Select Daily, Weekly or Monthly
- Select Strict (block after quota is reached); Lite (report only after quota reached)
- Input Bandwith (KB) limit and/or Time limit
- Click Apply and OK
- Apply the 'allow' policy to Users.
- Under the domain, right-click 'Domain Users' in the left navigation tree '
- Select properties
- Click Allow tab
- Click Add
- In the new popup window, click Details
- Check boxes for Entertainment, Humor, Shopping, and Sports
- Click Schedule tab and from the drop down list, select the new 'allow' schedule created in step 1
- Click Quota tab, from the drop down list; select the new Quota created in step 3
- Click Apply and OK
- Apply the 'deny' policy to Users.
- Click Deny tab
- Click Add
- In the new popup window, click Details
- Check boxes for Entertainment, Humor, Shopping, and Sports
- Click Schedule tab and from the drop down list, select the new 'deny' schedule created in step 2
- Check boxes for Sex, Criminal Skills, Extreme and Violent, Gambling, Hate Speech, Hacking
- Click Schedule tab and from the drop down list, select '24 x 7'
- Click Apply and OK
TOP
Q: Exempting a Specific User?
Exempting users like upper management or domain administrators from this policy.
After starting the bt-WebFilter management console:
- Right-click Domain in the left navigation tree, select Properties
- Click Full Access Users tab
- Click Add
- Select the appropriate user from the Active Directory user list
- Click Add
- Click OK
TOP
Q: Setting a Quota and applying it to a group?
After opening the WebFilter Management Console:
- Defining the Quota
- Right-click on 'Quotas'
- Select 'New Quota'
- Select 'Daily', 'Weekly' or 'Monthly'
- Select 'Strict' to block after quota is reached or 'Lite' to report only
- Enter the appropriate bandwidth and/or time
- Applying the Quota
- Right-click on the appropriate Group
- Select the 'Allow' tab
- Click 'Add'
- Select the 'Details' tab
- NOTE: to apply a single quota for all Internet access, before clicking the Details tab, check the URL radio button, then enter a single asterisk (*) in the Details
- Check the box for the appropriate category or categories
- Click the 'Quota' tab
- Select the quota from the drop-down list
- Select 'same quota for each group member' or 'single quota for the group'
- Click 'Apply'
TOP
Q: Assigning a Quota to a Specific User?
After starting the WebFiler management console:
- Right-click Domain in the left navigation tree, select Properties
- Click Personal Quota tab
- Click Add
- Click Add
- Select the appropriate user from the Active Directory user list
- Click Add
- Select the Quota from the drop down list
- Click OK
TOP
Q: Customizing the Burstek Category List?
Your organization requires a report on employee activity accessing the company intranet.
After starting the bt-LogAnalyzer or bt-WebFilter management console:
- Create a new category for the company intranet
- Right-click URL Control List in the left navigation tree
- Select 'New Category in the new popup window
- Click Included URLs tab
- Click Add
- Enter a 'wildcard mask' for the website (i.e. if the website is Burstek and the site contains multiple web pages, enter *www.burstek.com*)
- NOTE: all masks must start and end with an asterisk (*)
- Click OK
- Create a new report for the category created in step 1
- Right-click Reports in the left navigation tree, select 'New Report'
- Click the Customize tab
- Click the Edit button for Categories
- Click Select Individual Categories radio button
- Check the box next to the category created in step 1
- Click Apply and OK
NOTE:
To reduce the output, check Top Users Activity - Web Pages box and uncheck all other boxes.
To report on the top xx number of users, check the Maximum Report Lines box and enter the appropriate number.
TOP
Q: Excluding a Web site from a pre-defined category?
Your organization would like to exclude a web page from one of the pre-defined categories.
After starting the bt-WebFilter or bt-LogAnalyzer management console:
- Exclude a web site or web page from a known category
- Click the plus sign(+) next to the URL Control List in the left navigation tree
- Click the plus sign(+) next to the appropriate category name
- Click the plus sign(+) next to Excluded URLs
- Right-click on Own URLs
- Select New URL
- Enter a 'wildcard mask' for the website (i.e. Enter *www.burstek.com*)
- NOTE: all masks must start and end with an asterisk (*)
- Click OK
TOP
Q: Replicating policies and settings across multiple servers?
Keep multiple proxy servers in sync with filtering policies, Schedules, Active Directory changes, URL Category List updates.
After starting the bt-WebFilter management console:
- Right-click the top node (your server name) in the left navigation tree
- Click Replication Options tab
- Click Add and enter the DNS or IP of the other servers
- NOTE: each server must have Burstek's WebFilter software installed
- Click Manual Replication button
- Click the Replicate Now button to initially synchronize all servers
- C lick the Automatic Replication button
TOP
Q: Applying a single quota to all Internet access?
After starting the bt-WebFilter management console:
- Right-click the 'Domain Users' group
- Select Properties
- Click the Allow tab
- Click Add button
- Click the Details tab
- Enter a single Asterisk (*)
- Click the Quota tab
- Enter and apply your quota
- NOTE: Quota must be defined previously (See setting a quota and applying it to a group above.)
TOP
