It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure URL Filter Overrides

  • Last updated on

You can use the Override feature of the URL Filter to grant temporary access to otherwise blocked URL categories. URL categories that are set to the override policy redirect the user to the customizable Override Block page of the URL Filter. The user can then select the override admin and request an override. The override admin must log into the override admin interface and grant the request for a specified time. When the request has been granted, the user is automatically forwarded to the website. Overrides are always granted for the entire URL category.

Video

To see URL Filter Overrides Request in action, watch the following video:

Before You Begin

  • Create or edit existing URL Policy objects in order to use the override policy for the URL categories of your choice.
  • Configure URL Filtering in the Firewall. For more information, see How to Configure URL Filtering in the Firewall.

Step 1. Create the SSL Certificate and Admin Users for the Override Admin Interface

Create or upload an SSL certificate for the Override interface. This certificate is also used for the ticketing system.

  1. Go to CONFIGURATION  > Configuration Tr ee > Box > Assigned Services > Firewall > Forwarding Settings .
  2. In the left menu, select Authentication.
  3. Click Lock.
  4. Import or create the Default HTTPS Private Key and Default HTTPS Certificate.

    This SSL certificate is also used by inline and offline firewall authentication. If inline authentication is used, the Name of the certificate must be the IP address or an FQDN resolving to the IP address of the Barracuda CloudGen Firewall. This value is used to redirect the client to the authentication daemon.

  5. Click Set/Edit to add URL Filter Override Users. The URL Filter Override Users window opens.
  6. Click + to add a User specific data entry. 
  7. Enter the Name. This is the username used to log into the override admin interface.
  8. Enter the Password.
  9. Enter the Full Name. The user can select this name from the dropdown on the Override Block page when requesting and override from a specific admin.
  10. Enter the User email.

  11. Click Send Changes and Activate.

Step 2. Create App Redirect Access Rule for Override Admin Portal

Add an access rule to redirect the admin user to the web filter override admin page.This rule will also allow access to the guest user ticketing system.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
  2. Click Lock.
  3. Create an App Redirect access rule:
    • Action  Select App Redirect.
    • Source – Select the source network allowed to access the web filter override portal.
    • Service – Select HTTPS.
    • Destination – Enter the IP address the override admin interface is accessed through. You can use any free IP address (e.g., 1.2.3.4) or an IP address on the Barracuda CloudGen Firewall that does not have a listener on port 443.
    • Redirection  Enter 127.0.0.1
    WF_Override_01.png
  4. Click OK.
  5. Place the access rule so that it is the first rule to match for HTTPS traffic to the chosen admin override IP address.
  6. Click Send Changes and Activate.

The admin ticketing interface is now reachable via https://1.2.3.4/cgi-bin/override-admin (if you used 1.2.3.4 as the destination IP address in the access rule).

Granting URL Filter Override Requests

JavaScript must be enabled in the client browser for the override request to be sent.

WF_Override_UserGuide03.png

The URL Filter Override page is displayed when you attempt to access a website that is in an override URL category. To access such a blocked page, select from a drop-down list an override admin to send your access request to and then click Request Access. After the override admin grants the request, click Request Access again to continue to the previously blocked website. If the admin denies the override request, the URL category is blocked for the set duration.

For more information, see How to Grant URL Category Overrides - User Guide.

Logging for URL Filter Overrides

URL Filter overrides are logged to /Box/Firewall/Acknowledged.
WF_Override_02.png