Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3845
Views
0
Helpful
6
Replies

Override web reputation score

thomascollins
Level 3
Level 3

‎07-22-2008 09:31 PM

We have a site we regularly use, and recently it has been given a -6.0 web reputation score. Our policy is to block for -6.0 sites.

Is there any way to exempt a particular URL, and allow it, regardless of web reputation score? Seems like there should be, but I can't find it.

Thanks

Labels:
0 Helpful
6 Replies 6

ravmadir
Cisco Employee
Cisco Employee

‎07-22-2008 11:12 PM

URL categories take precedence over Web Reputation filtering, so adding the URL to the Custom URL Category and allowing it will bypass WBRS filtering.

1. From the GUI, go to Web Security Manager > Custom URL Categories.
2. Select the "Add Custom Category" button.
3. Give the Category a name and add the desired URL to the Sites list.
4. Click on Submit.
5. On the Web Security Manager tab, select the Web Access Policies link.
6. Select the URL category for the desired policy.
7. In the Custom URL Category Filtering section, select "allow" for the category created above.
8. Click on Submit.
9. Commit the changes.

-
Satish

0 Helpful

thomascollins
Level 3
Level 3

‎07-22-2008 11:32 PM

Excellent, thank you.

0 Helpful

Doc_ironport
Level 1
Level 1

‎07-26-2008 11:00 PM

Note that you should be _very_ careful with using "Allow". This will cause the site to bypass ALL security services, including Virus scanning, so before you "allow" any sites please make sure that they really are legitimate sites and not likely to be distributing viruses/malware/etc.

The alternative is to create a new web access policy which matches this specific site (via a custom category) and give this policy a different WBRS Block score.

To do this, create a new Web Access Polcy and put it above your existing policies. Under "Policy Member Definition" select "Advanced" and then "Edit Categories" and select the custom category you've created for this site. You can also add in any other criteria you wish (eg, IP ranges or authentication, etc).

Then after creating the new policy you can configure this policy to not use WBRS, and this setting will only impact sites in your custom category. All other sites will fall through to the lower down policies, and use their WBRS settings.

0 Helpful

alexandre.hamelin
Level 1
Level 1
In response to Doc_ironport

‎02-14-2011 11:34 AM

Hello. Sorry for reviving an old thread, however it's the only one I've identified that deals with the reputation score.

Doc_ironport, will using your method bypass other lower priority security policies?  If so, how can one make sure the remaining checks are still in effect?

In my case, web access is defined based on NT group membership and we have one rule (one access policy) per web category-ies. However I'm not sure what's the best way to adjust the WBRS of particular web sites with this model. Any advice?

0 Helpful

edadios
Cisco Employee
Cisco Employee
In response to alexandre.hamelin

‎02-14-2011 03:39 PM

You can follow this KB, which shows how to bypass wbrs, and still do av scan.

http://tinyurl.com/y9afggd

I hope it helps you.

Regards,

Eric

0 Helpful

thomascollins
Level 3
Level 3

‎07-28-2008 01:33 PM

Good point Doc, thanks for the idea...I've switched over to use that method.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents