Table of Contents
Advertisement
Configuring Policies
Use Authorize and Prohibit lists for sites
Domain component: .acme.com
disregards the protocol and introductory characters. For
example, even though there is no dot before acme in
http://acme.com, this pattern assumes www. and is
thus a match.
You can also add port numbers after the domain (:8443,
for example) as part of the site pattern to restrict access
to a particular port, preventing or allowing access
through the port depending on whether the site pattern
is on a prohibit or authorize list. If no port number is
given, all ports are matched.
Site patterns must be at last six characters in length, and they do not accept wildcard characters.
SiteAdvisor Enterprise Plus does not check for matches in the middle or end of URLs.
More examples:
Site pattern
http://www.site.com/news
The domain is http://www.site.com and the path is
/news. The URL string that matches this pattern must
have a domain that ends with http://www.site.com and
a path that begins with /news .
.acme.com:9090/downloads
The domain is .acme.com:9090 and the path is
/downloads. The URL string that matches this pattern
must have a domain that ends with .acme.com:9090
and a path that begins with /downloads .
How multiple-instance policies work
Authorize List and Prohibit List policies are called multiple-instance policies because you can
assign multiple instances of an Authorize list or a Prohibit list under a single policy. The policy
instances are automatically combined into one effective policy .
Multiple-instance policies obey the ePolicy Orchestrator laws of inheritance within a System
Tree (see Organizing Systems for Management and Managing Products with Policies and Client
Tasks in the ePolicy Orchestrator Product Guide ).
As an example, say that you configure one Authorize List policy for Group A, another for Group
B, and another for Group C. If Group A contains Group B, and Group B contains Group C, then
Group C's Authorize List policy would be an effective policy incorporating elements from all
three Authorize List policies. The Authorize list for Group C might contain all the sites listed for
Group A and Group B, plus additional sites specific to Group C. By using an effective policy,
there is no need to re-enter all the sites from Group A and Group B into the Authorize list for
Group C.
26
McAfee SiteAdvisor Enterprise Plus 3.0 Product Guide
Path component: /downloads
Result
Matches:
•
http://www.site.com/news/index.asp
•
http://www.site.com:8443/news/pages/logo.gif
Does not match:
•
https://www.site.com/news/index.asp
•
http://info.site.com:8443/news/pages/logo.gif
Matches:
•
http://www.acme.com:9090/downloads
•
http://acme.com:9090/downloads
•
https://news.acme.com:9090/downloads
Does not match:
•
http://www.myacme.com:9090/downloads
•
http://acme.com/downloads
•
https://news.acme.net:9090/downloads
Advertisement
Table of Contents
