Starting in SGOS 7.x, you can enable a built-in Access Security Policy layer. Refer to the "Using Policy Services" chapter in the SGOS Administration Guide and the ProxySG Security Best Practices document.
Note that some Access Security Policy features require the specified subscriptions:
The following table summarizes the types of requests that are blocked or monitored with each Access Security Policy protection level.
Note: When using the Strong and Maximum protection levels, some rules might trigger block actions that are access logged with reason "Scripts Removed If Present". When the block occurs, the user can still access the requested webpage, but any active scripts on the page are blocked. No change is perceptible to the user if the removal of scripts is not evident, or if the page contains no scripts.
Recommended | Strong | Maximum |
---|---|---|
Block/monitor the following categories: | Block/monitor the following categories: | Block/monitor the following categories: |
(With Threat Risk Level entitlement) Block/monitor the following categories where Threat Risk Level is 5 or higher: (No Threat Risk Level entitlement) Block/monitor the following categories: | (With Threat Risk Level entitlement) Block/monitor the following categories where Threat Risk Level is 5 or higher: (No Threat Risk Level entitlement) Block/monitor the following categories: | (With Threat Risk Level entitlement) Block/monitor the following categories where Threat Risk Level is 5 or higher: (No Threat Risk Level entitlement) Block/monitor the following categories: |
Threat Risk Level 7 and higher | Threat Risk Level 7 and higher | Threat Risk Level 6 and higher |
| | OR | Note: This is covered by third-last rule in this level. OR |
Certain HTTP methods with Threat Risk Level 6 and higher | Certain HTTP methods with Threat Risk Level 6 and higher | Certain HTTP methods with Threat Risk Level 6 and higher |
Categories: | Categories: | Categories: AND Threat Risk Level 5 and higher |
Non-SSL traffic to port 443 | Non-SSL traffic to port 443 | |
Strip JavaScript and ActiveX from response content when category “none” and Threat Risk Level 5 and higher; request is not blocked | Strip JavaScript and ActiveX from response content when category “none” and Threat Risk Level 4 and higher; request is not blocked |