What requests are blocked or monitored at each Access Security Policy protection level?

Article ID: 174668


Products

ProxySG Software - SGOS

Issue/Introduction

Starting in SGOS 7.x, you can enable a built-in Access Security Policy layer. Refer to the "Using Policy Services" chapter in the SGOS Administration Guide and the ProxySG Security Best Practices document.

Note that some Access Security Policy features require the specified subscriptions:

  • URL category detection requires a Symantec WebFilter license/subscription or Intelligence Services Basic or Advanced subscription.
  • URL Threat Risk Level detection requires an Intelligence Services Advanced subscription. Rules involving Threat Risk Levels are not applied if the appliance is not entitled.

Resolution

The following table summarizes the types of requests that are blocked or monitored with each Access Security Policy protection level.

Note: When using the Strong and Maximum protection levels, some rules might trigger block actions that are access logged with reason "Scripts Removed If Present". When the block occurs, the user can still access the requested webpage, but any active scripts on the page are blocked. No change is perceptible to the user if the removal of scripts is not evident, or if the page contains no scripts.

Protection levels: Recommended, Strong, Maximum

Recommended:

Block/monitor the following categories:

  • Phishing
  • Malicious sources/malnets
  • Malicious outbound data/botnets
  • Child pornography
  • Hacking
  • Suspicious
  • PUS (potentially unwanted software)
  • Spam
  • Proxy Avoidance
  • Dynamic DNS Host
  • Scam/Questionable Legality
  • Compromised Sites

Strong:

Block/monitor the following categories:

  • Phishing
  • Malicious sources/malnets
  • Malicious outbound data/botnets
  • Child pornography
  • Hacking
  • Suspicious
  • PUS (potentially unwanted software)
  • Spam
  • Proxy Avoidance
  • Dynamic DNS Host
  • Scam/Questionable Legality
  • Placeholders
  • Pornography
  • Compromised Sites

Maximum:

Block/monitor the following categories:

  • Phishing
  • Malicious sources/malnets
  • Malicious outbound data/botnets
  • Child pornography
  • Hacking
  • Suspicious
  • PUS (potentially unwanted software)
  • Spam
  • Proxy Avoidance
  • Dynamic DNS Host
  • Scam/Questionable Legality
  • Gambling
  • Software Downloads
  • Piracy/Copyright Concerns
  • Peer-to-peer
  • Remote Access
  • Placeholders
  • Pornography
  • Compromised Sites

Recommended:

(With Threat Risk Level entitlement) Block/monitor the following categories where Threat Risk Level is 5 or higher:

  • Piracy/Copyright Concerns
  • Gambling
  • Adult/Mature Content
  • Pornography

(No Threat Risk Level entitlement) Block/monitor the following categories:

  • Pornography
  • Piracy/Copyright Concerns

Strong:

(With Threat Risk Level entitlement) Block/monitor the following categories where Threat Risk Level is 5 or higher:

  • Piracy/Copyright Concerns
  • Gambling
  • Adult/Mature Content
  • Software Downloads

(No Threat Risk Level entitlement) Block/monitor the following categories:

  • Piracy/Copyright Concerns
  • Gambling

Maximum:

(With Threat Risk Level entitlement) Block/monitor the following categories where Threat Risk Level is 5 or higher:

  • Adult/Mature Content

(No Threat Risk Level entitlement) Block/monitor the following categories:

  • Adult/Mature Content

Recommended: Threat Risk Level 7 and higher
Strong: Threat Risk Level 7 and higher
Maximum: Threat Risk Level 6 and higher

Recommended:

  • File types including executables and archives
  • Category “none” and Threat Risk Level 5 and higher

Strong:

  • File types executable, archive, etc.
  • Category “none” and Threat Risk Level 5 and higher

OR

  • File types including executables and archives
  • Categories:
    • Adult/Mature Content
    • Mixed Content/Potentially Adult
    • File Storage / Sharing
    • Web Ads / Analytics

Maximum:

  • File types executable, archive, etc.
  • Category “none” and Threat Risk Level 5 and higher

Note: This is covered by third-last rule in this level.

OR

  • File types including executables and archives
  • Categories:
    • Adult/Mature Content
    • Mixed Content/Potentially Adult
    • File Storage / Sharing
    • Web Ads / Analytics

Recommended: Certain HTTP methods with Threat Risk Level 6 and higher
Strong: Certain HTTP methods with Threat Risk Level 6 and higher
Maximum: Certain HTTP methods with Threat Risk Level 6 and higher

Recommended:

Categories:

  • “none”
  • Web Ads/Analytics

AND Threat Risk Level 6 and higher

Strong:

Categories:

  • “none”
  • Web Ads/Analytics

AND Threat Risk Level 6 and higher

Maximum:

Categories:

  • “none”
  • Web Ads/Analytics

AND Threat Risk Level 5 and higher

Strong: Non-SSL traffic to port 443
Maximum: Non-SSL traffic to port 443

Strong: Strip JavaScript and ActiveX from response content when category “none” and Threat Risk Level 5 and higher; request is not blocked
Maximum: Strip JavaScript and ActiveX from response content when category “none” and Threat Risk Level 4 and higher; request is not blocked