Configure website filtering

Configure web filtering for internet access from SaaS apps. If you have added a SaaS app from the Secure Workspace Access service, to return to the Citrix Secure Workspace Access service, click the hamburger icon on the top left of the navigation pane. In My Services list, select Secure Workspace Access. Click Configure content access settings.

Configure web filtering for internet access from SaaS apps

You are now ready to configure content access settings for your end users accessing the SaaS apps. For example, a link within a SaaS app can point to a malicious website. With content access settings, an administrator can take a specific website URL or a website category and allow access, block access, or redirect the request to a hosted, secure browser instance, helping to prevent browser-based attacks. For more information about the secure browser service, see Secure Browser Standard Service documentation at Secure Browser Standard Service.

Note:

A paid Secured Browser Standard Service customer (organization) gets 5,000 hours of use per year by default. For more hours, they need to buy secure browser add-on packs. You can track the usage of the Secure Browser Service. For more information, see Monitor usage.

The following illustration explains the end user traffic flow.

End user traffic flow

When a request arrives, the following checks are performed, and corresponding actions are taken:

  1. Does the request match the global allow list?

    1. If it matches, the user can access the requested website.

    2. If it does not match, website lists are checked.

  2. Does the request match the configured website list?

    1. If it matches, the following sequence determines the action.

      1. Block

      2. Redirect

      3. Allow

    2. If it does not match, website categories are checked.

  3. Does the request match the configured website category?

    1. If it matches, the following sequence determines the action.

      1. Block

      2. Redirect

      3. Allow

    2. If it does not match, the default action (ALLOW) is applied. The default action cannot be changed.

Perform the following steps to configure enhanced security settings.

  1. Click Configure Content Access.

    Configure content access

  2. Configure website category filtering or website lists or both.

Configure website category filtering

Website categorization restricts user access to specific website categories. Administrators can select from a preset list or customize the categories depending on the deployment. The preset list enables organizations to filter web traffic by using a commercial categorization database. The auto-updating database classifies billions of websites into different categories, such as social networking, gambling, adult content, new media, and shopping. In addition to categorization, each website has a reputation score kept up-to-date based on the site’s historical risk profile. Presets are classified as strict, moderate, lenient, none, and custom. Administrators can tweak presets to add or remove website categories.

  • Strict preset minimizes the risk of accessing unsecured or malicious websites. End users can still access websites with low risk. Includes most business travel and social media websites.
  • Moderate preset minimizes the risk while allowing more categories with low probability of exposure from unsecure or malicious sites. Includes most business travel, leisure, and social media websites.
  • Lenient preset maximizes access while still controlling risk from illegal and malicious websites.
  • None preset allows all categories.
  • Custom allows configuring custom filtering of categories.

Perform the following steps to configure website category filtering.

  1. Enable Filter website categories.

    Enable filter website categories

  2. Click Add in the respective section to block website categories, allow website categories, or redirect the user to a secure browser. For example, to block categories, in the blocked categories section, click Add.

    Add website category

  3. Select the categories to block from the list and click Add.

    Add category to block

  4. To allow categories, in the allowed categories section, click Add. Select the categories to allow from the list and click Add.

    Add category to allow

  5. To redirect users to a secure browser, in the redirected to secure browser categories section, click Add. Select the categories from the list and click Add.

    Add category to redirect to a secure browser

  6. Click Save.

    Save website category settings

Configure website lists filtering

The website list feature enables you to control access to specific websites. You can use wildcards, such as *.example.com/*, to control access to all the domains in that website and all the pages within that domain. Perform the following steps to configure website lists filtering.

  1. Enable Filter website list. Click Add in the respective section to block websites, allow websites, or redirect the user to a secure browser. For example, to block websites, in the blocked categories section, click Add.

    Enable filter website

  2. Enter a website that users cannot access and click Add.

    Add website to block

  3. To allow websites, in the allowed websites section, click Add. Enter the website that users can access and click Add.

    Add website to allow

  4. To redirect users to a secure browser, in the redirected to secure browser websites section, click Add. Enter a website that end users can access only from a Citrix hosted browser and click Add.

    Add website to redirect to a secure browser

  5. Click Save for the changes to take effect.

    Add website filter settings

Configure website filtering