The Barracuda SecureEdge Manager allows administrators with appropriate permissions to configure Web Filter policies to protect against potential threats and enforce corporate policies. Barracuda Networks provides a large database, organized in categories, for web filtering. You can either use the provided categories to create rules, or you can specify the domains yourself. Malicious URLs are blocked in the default configuration. For example, web filtering is set to allow all and to block only defined exceptions, whereas the corresponding ACL is set to block all and to allow only defined exceptions.
Scope Web Policies
You can now create scope-based web filter policy via the SecureEdge Manager. When you create a web filter policies it will be scoped to the sources it comes from. You can now define the scope ( Site/Edge Service or All Sources) to your web filter policies. It provides a way to group web filter policies based on the service that will apply them. There are currently two scopes under the Security Policy > Web Filter > Policies.
Site/Edge Service – The Web filter rule applies to Site devices/ Edge Services. For the Site/Edge Service scope, a web filter rule either blocks or allows a domain, URL category or custom category from any source (such as IP/Network, Site or User/Group). In addition, for the web filter rule, you can now either alert or warn users against suspicious traffic. For the Site/Edge Service scope, the following actions are available for the Web Filter policy:
Allow – The user can access the website.
Block – The user is blocked from viewing the website.
Alert – The user is allowed to access websites in this category, but the action is silently logged.
Warn – The user is redirected to a warning page and must click Continue to access the requested website. For example, a web filter rule exists with SSL Inspection enabled and with a Warn action for different types of selected URL categories (such as social media and lottery). If a user visits a website that matches the filter rule, it allows access to the specific URL categories and/or websites. However, a warning page is shown. When a user clicks Continue in the browser, it will implicitly cause a security inspection.
All Sources – For the All sources scope, a Web filter rule either blocks or allows a domain, URL category or custom category from all sources. The following actions are available for the Web Filter policy:
Allow – The user can access the website.
Block – The user is blocked from viewing the website.
Additional Information
Firefox Browser Settings for SecureEdge Access
On the Firefox browser, the Encrypted Client Hello (ECH) is enabled by default. ECH relies on DNS over HTTPS (DoH) to fetch the necessary public key. For Firefox to work as expected for SecureEdge Access, you must disable DoH from a network by blocking their canary domain.
For example, you create a Web Filter policy to block a specific website (e.g., http://yahoo.com) for all users. When a user tries to access the website using Firefox, the website loads without getting blocked and the notification does not pop up on the SecureEdge Agent. However, the same page is blocked when the user uses a different browser. The reason is that you must disable DoH on Firefox.
Reporting
You can create reports and notifications using an Azure Log Analytics workspace. Your Barracuda SecureEdge service must be connected to the Azure Log Analytics workspace via the Azure Log Analytics Daemon.
For more Information, see:
How to Configure Log Streaming to Microsoft Azure Log Analytics Workspace.
How to Configure Log Streaming via the Azure Log Analytics Daemon in SecureEdge.
Further Information
For more information on User and Groups, see How to Connect Microsoft Entra ID with Barracuda Cloud Control.