Table of Contents
Advertisement
Controlling Network Access Permissions
Configuring Application Denial Policies
• "www.corporate.com" – This will block access to the host web server at the
organization "corporate.com" i.e. the FQDN. It will not block access to any other
hosts such as ftp, ntp, smtp, etc. at the organization "corporate.com".
• "corporate.com" – this will block access to all hosts at the domain "corpo-
rate.com" i.e. it will block access to www.corporate.com, ftp.corporate.com,
smtp.corporate.com, etc.
• "corporate" – This will block access to any FQDN containing the text "corporate"
in any part of the FQDN. Care should be taken to use as long as possible string
for matching to prevent inadvertently blocking sites that may contain a shorter
string match i.e. if the rule is "net" then this will block access to any sites that
have the text "net" in any part of the FQDN or .net as the FQDN suffix.
• *.corporate.com – This is an invalid rule. Wildcard "*" and other regular expres-
sions cannot be used in any part of the FQDN.
• "www.corporate.com/games" - This is an invalid rule. The filter cannot parse and
block access on text after the FQDN, i.e., in this example it cannot filter the micro-
site "/games".
Notes:
• Many global organizations have both a ".com" suffix and country specific suffix
such as ".co.uk", ".fr", ".au".etc. To block access to say the host web server in
all regional specific web sites for an organization a rule like "www.corporate"
could be used.
• Many global organizations use distributed content delivery networks such as
Akamai. In such cases creating a rule such as "www.corporate.com" may not
prevent access to the entire site. Further investigation of the content network
behavior may need to be undertaken to fully prevent access.
When using Port based rules:
There is no distinction between the TCP and UDP protocols, so care should be
taken if wishing to block a specific application port as that will apply to both IP
protocols and may inadvertently block another application using the other protocol.
138
Ruckus Wireless, Inc.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
