We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Security Gateway

How can I create a quota to grant temporary access based on time or bandwidth on my Barracuda Web Filter?

  • Type: Knowledgebase
  • Date changed: 6 years ago

Solution #00006271

Scope:
Applies to all Barracuda Web Filter appliances on all versions of firmware.

Answer:
The Barracuda Web Filter’s quota feature provides granular control for administrators to allow users access to a particular resource for a set amount of time or bandwidth. Resources include most Block/Accept format options, including Domains, URL Patterns, MIME Types, Content Filter Categories, Applications, Web Apps, or All Web Traffic. All quotas must be configured from the Block/Accept->Exceptions page, and must consist of both an Accept and a Block rule. The Accept rule is responsible for applying the quota, and will grant access to traffic for the duration of the assigned quota. After the quota is exceeded, the Accept rule will be ignored and the Block rule will take effect until the quota resets.

Configuration Examples:

Allow an LDAP user access to youtube.com for 1 hour per day:
1. Log into the Barracuda Web Filter and navigate to Block/Accept->Exceptions.
2. Beneath Add Exception, choose an Action of Allow.
3. Select Applies To and choose LDAP User/Group.
4. Enter the username in the space provided, click Lookup, and select the appropriate user.
5. Under Exception Type, select Domains.
6. In the text box next to Sub Category, enter youtube.com.
7. Next to Time Quota (min), enter 60 and click Add.
8. Begin creating a new rule by selecting Block under Action.
9. Select Applies To and choose LDAP User/Group.
10. Enter the username in the space provided, click Lookup, and select the appropriate user.
11. Under Exception Type select Domains.
12. In the text box next to Sub Category enter youtube.com and click Add.
13. There should now be two rules. Ensure that the Block rule for youtube.com falls beneath the Allow rule on the List of Exceptions.

Note: Many sites utilize multiple specialized domains. For instance, youtube.com stores all its images on ytimg.com. Therefore, the above configuration will not include youtube image traffic in its quota calculations.

Note: Times are based on estimates derived from TCP sessions. See Solution 00005501  for more information on how the Barracuda Web Filter estimates browse time.


Allow the IP range 192.168.1.32/27 access to 2GB of mpeg videos per week:
1. Log into the Barracuda Web Filter and navigate to Users/Groups->IP Subnets Groups.
2. In the space provided underneath the IP Address column, enter 192.168.1.32.
3. Underneath Netmask, enter 255.255.255.224.
4. Enter any name and click Add.
5. Navigate to Block/Accept->Exceptions.
6. Beneath Add Exception, choose an Action of Allow.
7. Next to Applies To, select IP Group and choose the appropriate name in the adjacent drop-down box.
8. Under Exception Type, select MIME Type Blocking.
9. In the text box next to Sub Category, enter audio/mpeg
10. Next to Bandwidth Quota (kB), enter 2097152, select Weekly in the adjacent drop-down box, and click Add.
11. Begin creating a new rule. Beneath Add Exception, choose an Action of Block.
12. Next to the Applies To section, select IP Group and choose the appropriate name in the adjacent drop-down box.
13. Under Exception Type, select MIME Type Blocking.
14. In the text box next to Sub Category, enter audio/mpeg and click Add.
15. There should now be two rules. Ensure that the Block rule for audio/mpeg falls beneath the Allow rule on the List of Exceptions.

Note: Applying a quota to a group of users or IPs will result in a collective counter for the entire group. In regards to the above example, a user at 192.168.1.33 can use up the entire 2GB of data assigned to the address range for the week. As a result, no other IP addresses will have access to the resource.

Note: A more comprehensive list of MIME types can be found in the Help text on the Block/Accept>MIME Type Blocking tab.


Allow a local user access to 50mb per month of access to a specific file path such as http://mydomain.com/weeklystatus.pdf:

1. Log into the Barracuda Web Filter and navigate to Block/Accept->Exceptions.
2. Beneath Add Exception, choose an Action of Allow.
3. Select Applies To and select Local User.
4. Enter the username in the space provided, click Lookup, and select the appropriate user.
5. Under Exception Type, select URL Patterns.
6. In the text box next to Sub Category, enter weeklystatus.
7. Next to Bandwidth Quota (kB), enter 51200 and click Add.
8. Begin creating a new rule by selecting Block under Action.
9. Select Applies To and select Local User.
10. Enter the username in the space provided, click Lookup, and select the appropriate user.
11. Under Exception Type, select URL Patterns.
12. In the text box next to Sub Category, enter weeklystatus.
13. There should now be two rules. Ensure that the Block rule for weeklystatus falls beneath the Allow rule on the List of Exceptions.

Note: URL Patterns require SSL Inspection in order to apply properly to HTTPS traffic. While the above solution will apply the weeklystatus quota for http traffic, the web filter is unable to view URLs for secure HTTPS traffic. For more information on SSL Inspection and how to configure this feature, please see our Techlib article at http://techlib.barracuda.com/display/BWFv60/How+to+Configure+SSL+Inspection

Note: URL Pattern rules utilize a regular expression format. More information on regular expressions can be found in the Help text on the Block/Accept->URL Patterns tab.

Additional Notes:
Exceeding a quota may not immediately block a user. It may take up to 5 minutes from when a user exceeds the quota until the user is blocked from the restricted resource.

Daily quotas are cleared every morning at midnight.
Weekly quotas are cleared every Monday at midnight.
Monthly quotas are cleared on the first day of every month at midnight.

Link to this page:

https://campus.barracuda.com/solution/501600000013NtEAAU