The Barracuda SecureEdge Manager allows administrators to configure a scope-based Web Filter policy. You can now add the scope Site/Edge Service, Agents, DNS Location, or All Sources to your Web Filter policies. A Web Filter rule either blocks or allows a domain, URL category, or custom category from any source (such as IP/Network, Site, or User/Group). In addition, for the scope Site / Edge Service, you can either alert or warn users against suspicious traffic.
Before You Begin
If you want to use the users or groups from user directories (such as Microsoft Entra ID, LDAP, Google Workspace, Okta, SCIM, and Barracuda Cloud Control) for Web Filter policies, you must first connect your SecureEdge Identity Management in order to synchronize users and groups. For more information, see Identity Management.
If you want to select users or groups from user directories such as BCC-linked Microsoft Entra ID or the BCC-linked LDAP directory in Web Filter policies, you must first connect your directory with Barracuda Cloud Control in order to synchronize users and groups. For more information, see LDAP Active Directory and Microsoft Entra ID and How to Connect Microsoft Entra ID with Barracuda Cloud Control.
If you want to use DNS Location as a scope for the Web Filter rule, you must first add locations in your SecureEdge environment via Infrastructure > Locations. For more information, see How to Add a Location in SecureEdge.
Create a Web Filter Policy
Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
The chosen Tenant/Workspace is displayed in the top menu bar.
Click the expandable drop-down menu and select the workspace you want to add a Web Filter policy for.
In the left menu, click the Security.
Expand the Web Filter menu on the left and select Policies.
The Policies configuration window opens. To create a new rule, click Add Rule.
The Add New Rule window opens. Specify values for the following:
Scope – Select the scope of this rule from the drop-down menu. You can choose between Site/Edge Service, All Sources, DNS Location, or Agents.
When Scope selected as Site/Edge Service, specify values for the following:
Name – Enter a unique name.
Description – Enter a brief description.
Action – Select an action type. You can choose between Allow, Block, Alert, and Warn.
If you select Action = Allow or Alert or Warn, the Silent field is disabled.
If you select Action = Block, you are provided with the option to silently block the rule:Silent – Click to enable/disable. By default, Silent field is disabled.
In the SOURCE CRITERIA section, specify values for the following:
Type – Select a source type. You can choose between Site, User/Group, and IP/Network.
If you select Site, the All Sites option is enabled by default. However, you can add a specific Site after disabling All Sites.
If you select User/Group, you must add one or more users/groups from the drop-down menu, or type to search.
If you select IP/Network, specify values for the following:
IP/Network – Enter the IP address or network, and click +.
In the DESTINATION CRITERIA section, specify values for the following:
Type – Select destination type. You can choose between Domain, Custom Categories, and URL Category.
If you select Domain, enter one or more domains and click +.
If you select Custom Categories, select the custom category from the drop-down menu, or type to search.
If you select URL Category, expand the category and click on the specific sub-categories you want to allow/block or alert/warn. Additionally, you are also provided with the option Select All to select all sub-categories. For example, in this case, select URL Category. Note: Scroll down to add more categories and click Save.
After the configuration is complete, under the scope Site/Edge Service you can see a new policy has been created on the Policies page with all your selected categories and sub-categories. For example, in this case, expand Marketing and verify your categories and sub-categories. In addition, you can also verify the scope of your Web Filter rule displayed in the table.
When Scope selected as All Sources, specify values for the following:
Name – Enter a unique name.
Description – Enter a brief description.
Action – Select an action type. You can choose either Allow or Block.
Allow – The user can access the website.
Block – The user is blocked from viewing the website. For example, in this case, select Block.
In the DESTINATION CRITERIA section, specify values for the following:
Type – Select destination type. You can choose between Custom Categories, Domain, and URL Category.
If you select URL Category, expand the category and click on the specific sub-categories you want to allow/block. Additionally, you are also provided with option Select All to select all sub-categories. Note: Scroll down to add more categories and click Save.
If you select Domain, enter one or more domains and click +.
If you select Custom Categories, select the custom category from the drop-down menu, or type to search. For example, in this case, select Custom Categories.
After the configuration is complete, under the scope All Sources, you can see a new policy has been created on the Policies page with your selected custom categories. For example, in this case, expand RiskySites and verify your custom categories. In addition, you can also verify the scope of your Web Filter rule displayed in the table.
When Scope selected as DNS Location, specify values for the following:
Name – Enter a unique name.
Description – Enter a brief description.
Action – Select an action type. You can choose either Allow or Block.
Allow – The user can access the website. For example, in this case, select Allow.
Block – The user is blocked from viewing the website.
In the SOURCE CRITERIA section, specify values for the following:
Type – Select Location as a source type from the drop-down menu.
All Location – By default, the All Location field is enabled. This applies to all locations for your selected tenant/workspace.
Note: If you want to add a specific location, you must first disable the All Location field and select one or more specific location from the drop-down menu, or type to search. You must select at least one location for your source.
In the DESTINATION CRITERIA section, specify values for the following:
Type – Select destination type. You can choose between Custom Categories, Domain, and URL Category.
If you select Custom Categories, select the custom category from the drop-down menu, or type to search.
If you select Domain, enter one or more domains and click +.
If you select URL Category, expand the category and click on the specific sub-categories you want to allow/block. Additionally, you are also provided with option Select All to select all sub-categories. For example, in this case, select URL Category. Note: Scroll down to add more categories and click Save.
After the configuration is complete, under the scope DNS Location, you can see a new policy has been created on the Policies page with all your selected categories and sub-categories. For example, in this case, expand Social and verify your categories and sub-categories. In addition, you can also verify the scope of your Web Filter rule displayed in the table.
When the Scope is selected as Agents, specify values for the following:
Name – Enter a unique name.
Description – Enter a brief description.
Action – Select an action type. You can choose between Allow, Block, and Warn. For example, in this case, select Block.
In the SOURCE CRITERIA section, specify values for the following:
Type – Select a source type as User/Group.
Users – Select one or more users from the drop-down menu, or type to search.
Groups – Select one or more groups from the drop-down menu, or type to search.
In the DESTINATION CRITERIA section, specify values for the following:
Type – Select destination type. You can choose between URL Category, Domain, and Custom Categories.
If you select URL Category, expand the category and click on the specific sub-categories you want to allow/block. Additionally, you are also provided with the option Select All to select all sub-categories.
If you select Domain, enter one or more domains and click +.
If you select Custom Categories, specify a value for the following:
Custom Categories – Select Custom Categories from the drop-down menu, or type to search, and click Save.
After the configuration is complete, under the scope Agents, you can see a new policy has been created on the Policies page with all your selected custom categories. For example, in this case, expand Security and verify the custom categories. In addition, you can also verify the scope of your Web Filter rule displayed in the table.
Edit an Existing Web Filter Policy
Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
Select the workspace you want to edit a Web Filter policy for.
Go to Security.
Expand the Web Filter menu on the left and select Policies.
The Policies configuration window opens. Click on the pencil icon next to the rule you want to edit. The Edit < Your Existing Scope > configuration window opens. For example, in this case, the scope is Site/Edge Service.
The Edit < Site/ Edge Service Rule> window opens. Edit the value you are interested in.
Click Save.
Remove an Existing Web Filter Policy
Select the workspace you want to remove a Web Filter policy for.
Go to Security.
Expand the Web Filter menu on the left and select Policies.
The Policies configuration window opens. Click on the trash can icon next to the rule you want to remove.
The Delete Rule window opens.
Click OK to confirm.
Select the Default Action
You can configure web filtering either to allow or block traffic by default. In addition, you can now set Default Action to Alert.
Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.
Go to Security.
Expand the Web Filter menu on the left and select Policies.
Go to the Default Action section. From the drop-down menu, select Allow.
