You can use the Override feature of the URL Filter to grant temporary access to otherwise blocked URL categories. URL categories that are set to the override policy redirect the user to the customizable Override Block page of the URL Filter. The user can then select the override admin and request an override. The override admin must log into the override admin interface and grant the request for a specified time. When the request has been granted, the user is automatically forwarded to the website. Overrides are always granted for the entire URL category.
Video
To see URL Filter Overrides Request in action, watch the following video:
Videolink:
https://campus.barracuda.com/Before You Begin
- Create or edit existing URL Policy objects in order to use the override policy for the URL categories of your choice.
- Configure URL Filtering in the Firewall. For more information, see How to Configure URL Filtering in the Firewall.
Step 1. Create the SSL Certificate and Admin Users for the Override Admin Interface
Create or upload an SSL certificate for the Override interface. This certificate is also used for the ticketing system.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Settings.
- In the left menu, select Authentication.
- Click Lock.
Import or create the Default HTTPS Private Key and Default HTTPS Certificate.
- Click Set/Edit to add URL Filter Override Users. The URL Filter Override Users window opens.
- Click + to add a User specific data entry.
- Enter the Name. This is the username used to log into the override admin interface.
- Enter the Password.
- Enter the Full Name. The user can select this name from the dropdown on the Override Block page when requesting and override from a specific admin.
Enter the User email.
- Click Send Changes and Activate.
Step 2. Create App Redirect Access Rule for Override Admin Portal
Add an access rule to redirect the admin user to the web filter override admin page.This rule will also allow access to the guest user ticketing system.
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
- Click Lock.
- Create an App Redirect access rule:
- Action – Select App Redirect.
- Source – Select the source network allowed to access the web filter override portal.
- Service – Select HTTPS.
- Destination – Enter the IP address the override admin interface is accessed through. You can use any free IP address (e.g., 1.2.3.4) or an IP address on the Barracuda CloudGen Firewall that does not have a listener on port 443.
- Redirection – Enter
127.0.0.1
- Click OK.
- Place the access rule so that it is the first rule to match for HTTPS traffic to the chosen admin override IP address.
- Click Send Changes and Activate.
The admin ticketing interface is now reachable via https://1.2.3.4/cgi-bin/override-admin
(if you used 1.2.3.4 as the destination IP address in the access rule).
Granting URL Filter Override Requests
The URL Filter Override page is displayed when you attempt to access a website that is in an override URL category. To access such a blocked page, select from a drop-down list an override admin to send your access request to and then click Request Access. After the override admin grants the request, click Request Access again to continue to the previously blocked website. If the admin denies the override request, the URL category is blocked for the set duration.
For more information, see How to Grant URL Category Overrides - User Guide.
Logging for URL Filter Overrides
URL Filter overrides are logged to /Box/Firewall/Acknowledged.