Configure website filtering

Configure web filtering for internet access from SaaS apps.

Configure web filtering for internet access from SaaS apps

You are now ready to configure content access settings for your end users accessing the SaaS apps. For example, a link within a SaaS app can point to a malicious website. With content access settings, an administrator can take a specific website URL or a website category and allow access, block access, or redirect the request to a hosted, secure browser instance, helping to prevent browser-based attacks. For more information about the secure browser service, see Secure Browser Standard Service documentation at Secure Browser Standard Service.

Note:

A paid Secured Browser Standard Service customer (organization) gets 5,000 hours of use per year by default. For more hours, they need to buy secure browser add-on packs. You can track the usage of the Secure Browser Service. For more information, see Monitor usage.

The following illustration explains the end user traffic flow.

End user traffic flow

When a request arrives, the following checks are performed, and corresponding actions are taken:

  1. Does the request match the global allow list?

    1. If it matches, the user can access the requested website.

    2. If it does not match, website lists are checked.

  2. Does the request match the configured website list?

    1. If it matches, the following sequence determines the action.

      1. Block

      2. Redirect

      3. Allow

    2. If it does not match, website categories are checked.

  3. Does the request match the configured website category?

    1. If it matches, the following sequence determines the action.

      1. Block

      2. Redirect

      3. Allow

    2. If it does not match, the default action (ALLOW) is applied. The default action cannot be changed.

Configure website category filtering

Website categorization restricts user access to specific website categories. Administrators can select from a preset list or customize the categories depending on the deployment. The preset list enables organizations to filter web traffic by using a commercial categorization database. The auto-updating database classifies billions of websites into different categories, such as social networking, gambling, adult content, new media, and shopping. In addition to categorization, each website has a reputation score kept up-to-date based on the site’s historical risk profile. Presets are classified as strict, moderate, lenient, none, and custom. Administrators can tweak presets to add or remove website categories.

  • Strict preset minimizes the risk of accessing unsecured or malicious websites. End users can still access websites with low risk. Includes most business travel and social media websites.
  • Moderate preset minimizes the risk while allowing more categories with low probability of exposure from unsecure or malicious sites. Includes most business travel, leisure, and social media websites.
  • Lenient preset maximizes access while still controlling risk from illegal and malicious websites.
  • None preset allows all categories.
  • Custom allows configuring custom filtering of categories.

Perform the following steps to configure website category filtering.

  1. In the Secure Private Access home page, click Settings in the navigation pane.

  2. Click Web Filtering and then click Edit.

    Enable filter website categories

  3. Enable Filter website categories. Click Add in the respective section to block website categories, allow website categories, or redirect the user to a secure browser. For example, to block categories, in the blocked categories section, click Add.

  4. Select the categories to block from the list and click Add.

  5. To allow categories, in the allowed categories section, click Add. Select the categories to allow from the list and click Add.

  6. To redirect users to a secure browser, in the redirected to secure browser categories section, click Add. Select the categories from the list and click Add.

  7. Click Save.

Configure website lists filtering

The website list feature enables you to control access to specific websites. You can use wildcards, such as *.example.com/*, to control access to all the domains in that website and all the pages within that domain. Perform the following steps to configure website lists filtering.

  1. In the Secure Private Access home page, click Settings in the navigation pane.

  2. Click Web Filtering and then click Edit.

  3. Enable Filter website list. Click Add in the respective section to block websites, allow websites, or redirect the user to a secure browser. For example, to block websites, in the blocked categories section, click Add.

    Enable filter website

  4. Enter a website that users cannot access and click Add.

  5. To allow websites, in the allowed websites section, click Add. Enter the website that users can access and click Add.

  6. To redirect users to a secure browser, in the redirected to secure browser websites section, click Add. Enter a website that end users can access only from a Citrix hosted browser and click Add.

  7. Click Save for the changes to take effect.

Configure website filtering