Web Filter Policies

Last updated on 2025-02-25 07:30:57

The Barracuda SecureEdge Manager allows administrators with appropriate permissions to configure Web Filter policies to protect against potential threats and enforce corporate policies. Barracuda Networks provides a large database, organized in categories, for web filtering. You can either use the provided categories to create rules, or you can specify the domains yourself. Malicious URLs are blocked in the default configuration. For example, web filtering is set to allow all and to block only defined exceptions, whereas the corresponding ACL is set to block all and to allow only defined exceptions.

A filter rule either blocks or allows a domain, category or custom category from any source, whereas an explicit rule blocks or allows URLs from specified sources. In addition, for the web filter rule, you can now either alert or warn users against suspicious traffic.

The following actions are available for the Web Filter policy :

Allow – The user can access the website.
Block – The user is blocked from viewing the website.
Alert – The user is allowed to access websites in this category, but the action is silently logged.
Warn – The user is redirected to a warning page and must click Continue to access the requested website. For example, a web filter rule exists with SSL Inspection enabled and with a Warn action for different types of selected URL categories (such as social media and lottery). If a user visits a website that matches the filter rule, it allows access to the specific URL categories and/or websites. However, a warning page is shown. When a user clicks Continue in the browser, it will implicitly cause a security inspection.

For Web Filter/ Explicit Web Filter policies, the user is provided with a Silent option to block the rule silently if Action is set to Block. Note that you can only use the Silent option for blocking a Web Filter / Explicit Web Filter rule. In addition, in the Audit log you can verify that the Silent Blocking value has been made and that notifications have been sent. The Silent option is not available if Action is set to Allow, Alert, or Warn.

The Warn action does not work with any non-SSL-inspectable domains.

For Web Filter policies, wildcards are added implicitly. For example, adding campus.barracuda.com will automatically match www.campus.barracuda.com (or any other subdomain) even without adding a wildcard.

Create a Web Filter Policy

Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
In the left menu, click the Tenants/Workspaces icon and select the workspace you want to create a web filter policy for.
Go to Security Policy.
Expand the Web Filter menu on the left and select Policies.
The Policies window opens. Under Settings tab, to create a new rule, click Add Rule.
The Add New Rule window opens. Specify values for the following:
- Name – Enter a unique name.
- Description – Enter a brief description.
- Action – Select the action. You can choose between Allow, Block, Alert, and Warn.
  If you select Action = Block, you are provided with the option to silently block the rule:
  - Silent – Click to enable/disable. By default, Silent field is disabled.
  If you select Action = Allow or Alert or Warn, the Silent field is disabled.
- Type – Select the type. You can choose between Category, Domain, and Custom Category.
  - If you select Category, expand the category and click on the specific sub-categories you want to allow/block. Additionally, you are also provided with option Select All to select all sub-categories.
  - If you select Domain, enter one or more domains and click +.
  - If you select Custom Category, select a custom category from the drop-down menu, or type to search.
Scroll down to add more categories and click Save.

After the configuration is complete, you can see a new policy has been created on the Policies page with all your selected categories and sub-categories. For example, in this case, expand Adult Material and verify your categories and sub-categories.

Edit an Existing Web Filter Policy

Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
In the left menu, click the Tenants/Workspaces icon and select the workspace you want to edit a web filter policy for.
Go to Security Policy.
Expand the Web Filter menu on the left and select Policies.
The Policies window opens. Click on the pencil icon next to the rule you want to edit.
The Edit Rule window opens. Edit the value you are interested in.
Click Save.

Remove an Existing Web Filter Policy

Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
In the left menu, click the Tenants/Workspaces icon and select the workspace you want to remove a web filter policy for.
Go to Security Policy.
Expand the Web Filter menu on the left and select Policies.
The Policies window opens. Click on the trash can icon next to the rule you want to remove.
The Delete Rule window opens.
Click OK to confirm.

Select the Default Action

You can configure web filtering either to allow or block traffic by default. In addition, you can now set Default Action to Alert.

Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
Go to Security Policy.
Expand the Web Filter menu on the left and select Policies.
In the SETTINGS section, select the Default Action.

Additional Information

Reporting

You can create reports and notifications using an Azure Log Analytics workspace. Your Barracuda SecureEdge service must be connected to the Azure Log Analytics workspace via the Azure Log Analytics Daemon.

For more Information, see:

Further Information

For more information on User and Groups, see How to Connect Microsoft Entra ID with Barracuda Cloud Control.