It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda SecureEdge
Overview Documentation Training Certification Materials

How to Configure a Web Filter Policy

  • Last updated on

The Barracuda SecureEdge Manager allows administrators to configure a scope based Web Filter policy. You can now add a scope ( Site/Edge Service or All Sources) to your Web Filter policies. A Web filter rule either blocks or allows a domain, URL category or custom category from any source (such as IP/Network, Site or User/Group). In addition, for Site/ Edge Service scope, you can either alert or warn users against suspicious traffic.

wf-rules.png

Before You Begin

  • If you want to use the users or groups from user directories (such as Microsoft Entra ID, LDAP, Google Workspace, Okta, SCIM, and Barracuda Cloud Control) for Web Filter policies, you must first connect your SecureEdge Identity Management in order to synchronize users and groups. For more information, see Identity Management

  • If you want to select users or groups from user directories such as BCC-linked Microsoft Entra ID or the BCC-linked LDAP directory in Web Filter policies, you must first connect your directory with Barracuda Cloud Control in order to synchronize users and groups. For more information, see LDAP Active Directory and Microsoft Entra ID and How to Connect Microsoft Entra ID with Barracuda Cloud Control.

Create a Web Filter Policy

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Security Policy.

  3. Expand the Web Filter menu on the left and select Policies.   

    gotoWebFilterPolicies.png

  4. The Policies configuration window opens. To create a new rule, click Add Rule

    addrule-wf.png

  5. The Add New Rule window opens. Specify values for the following:

    • Scope – Select the scope of this rule from the drop-down menu. You can choose either a Site/Edge Service or All Sources.

      • When Scope selected as Site/Edge Service, specify values for the following:

        • Name – Enter a unique name.

        • Description – Enter a brief description.

        • Action – Select an action type. You can choose between Allow, Block, Alert, and Warn.
          If you select Action = Allow or Alert or Warn, the Silent field is disabled.
          If you select Action = Block, you are provided with the option to silently block the rule:

          • Silent –  Click to enable/disable. By default, Silent field is disabled.

        • In the SOURCE CRITERIA section, specify values for the following:

          • Type – Select a source type. You can choose between IP/NetworkSite, and User/Group. Note: When source type is selected as Site, All Sites are enabled. If you select source type as User/Group, you must add source users and groups receptively.

            • IP/Network – Enter the IP address or network, and click +.

              rule-site.png

        • In the DESTINATION CRITERIA section, specify values for the following: 

          • Type – Select destination type. You can choose between URL Category, Custom Categories, and Domain.

            • If you select URL Category, expand the category and click on the specific sub-categories you want to allow/block or alert/ warn. Additionally, you are also provided with option Select All to select all sub-categories. For example, in this case select URL Category. Note: Scroll down to add more categories and click Save.

              rule-des.pngsocialmedia-add.png

            • If you select Domain, enter one or more domains and click +

            • If you select Custom Categories, select the custom category from the drop-down menu, or type to search. 

After the configuration is complete, under the scope Site/ Edge Service you can see a new policy has been created on the Policies page with all your selected categories and sub-categories. For example, in this case, expand RemoteOffices and verify your categories and sub-categories. In addition, you can also verify the scope of your web filter rule displayed in the table.

rule-remoffice.png

Note that for the Site/Edge Service scope, when source type is selected as Site, web filter rules will be enforced by the All Sites.

  • When Scope selected as All Sources, specify values for the following:

    • Name – Enter a unique name.

    • Description – Enter a brief description.

    • Action – Select an action type. You can choose either a Allow or Block.

      • Allow – The user can access the website.

      • Block – The user is blocked from viewing the website.  For example, in this case select Block.

        scope-all-src.png

    • In the DESTINATION CRITERIA section, specify values for the following: 

      • Type – Select destination type. You can choose between URL Category, Custom Categories, and Domain.

        • If you select URL Category, expand the category and click on the specific sub-categories you want to allow/block. Additionally, you are also provided with option Select All to select all sub-categories. For example, in this case select URL Category. Note: Scroll down to add more categories and click Save.

          allsource-des.pngallsource-des-02.png

        • If you select Domain, enter one or more domains and click +

        • If you select Custom Categories, select the custom category from the drop-down menu, or type to search. 

After the configuration is complete, under the scope All Sources you can see a new policy has been created on the Policies page with all your selected categories and sub-categories. For example, in this case, expand Adult-And-Social and verify your categories and sub-categories. In addition, you can also verify the scope of your web filter rule displayed in the table.

adult-social.png

Edit an Existing Web Filter Policy

For all available scopes, you cannot change the scope of an existing Web filter rule.

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon and select the workspace you want to edit a web filter policy for.

  3. Go to Security Policy.

  4. Expand the Web Filter menu on the left and select Policies

  5. The Policies configuration window opens. Click on the pencil icon next to the rule you want to edit. The Edit < Your Existing Scope > configuration window opens.

    edit-adult-social.png

  6. The Edit < Site/ Edge Service Rule> window opens. Edit the value you are interested in.

    edit-win.png

  7. Click Save.

Remove an Existingt Web Filter Policy

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon and select the workspace you want to remove a web filter policy for.

  3. Go to Security Policy.

  4. Expand the Web Filter menu on the left and select Policies

  5. The Policies configuration window opens. Click on the trash can icon next to the rule you want to remove.

    del-wf.png

  6. The Delete Rule window opens.

    DeleteRule.png

  7. Click OK to confirm.

Select the Default Action

You can configure web filtering either to allow or block traffic by default. In addition, you can now set Default Action to Alert.

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. Go to Security Policy.

  3. Expand the Web Filter menu on the left and select Policies.   

  4. Go to the Default Action section. From the drop-down menu, select the Default Action as Allow.

    default-allow.png