Content Gateway filtering rules

Content Gateway lets you create rules that inspect requests for certain parameters and, when a request matches, apply a specified action. Rules can be created to:

  • Deny or allow URL requests
  • Insert custom headers
  • Allow specified applications, or requests to specified websites, to bypass user authentication
  • Keep or strip header information from client requests
  • Prevent specified applications from transiting the proxy

Note: To create rules for IWA, NTLM, and LDAP user authentication, see Rule-Based Authentication. To get started with Content Gateway user authentication options, see Content Gateway user authentication.

Use the Configure > Security > Access Control > Filtering tab to create and modify filtering rules. Rules are stored in the filter.config file.

  • Rules are applied in the order listed, top to bottom. Only the first match is applied. If no rule matches, the request proceeds.
  • Secondary specifiers are optional. More than one secondary specifier can be used in a rule. You cannot, however, repeat a secondary specifier.
  • Three filtering rules are configured by default. The first denies traffic on port 25 to all destinations. The second and third bypass user authentication for connections to 2 Forcepoint Advanced Malware Detection destinations.
  • When Authentication bypass is enabled on the Web > Settings > Scanning > Bypass Settings page of the Forcepoint Security Manager, appropriate rules are added to filter.config.
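
Because only the first match is applied and an unmatched request proceeds, a broad rule placed above a narrower one silently disables the narrower rule. The following added example (not Forcepoint code) models that ordering and flags rules that can never fire; the rule dictionaries, hostnames and function names are assumptions made for illustration and do not reproduce filter.config syntax.

```python
from fnmatch import fnmatchcase

# Constructed rules in a simplified model (NOT filter.config syntax).
# "dest" is an exact host or a "*" / "*.suffix" pattern; every other key
# except "action" stands in for a secondary specifier.
RULES = [
    {"dest": "*", "port": 25, "action": "deny"},
    {"dest": "*.example.com", "action": "allow"},
    {"dest": "files.example.com", "method": "PUT", "action": "deny"},
]

def secondaries(rule):
    """Secondary specifiers of a rule (everything but dest and action)."""
    return {k: v for k, v in rule.items() if k not in ("dest", "action")}

def matches(rule, request):
    """A rule matches when its destination and every secondary specifier match."""
    return fnmatchcase(request["dest"], rule["dest"]) and all(
        request.get(k) == v for k, v in secondaries(rule).items())

def evaluate(rules, request):
    """Top to bottom, first match only; an unmatched request proceeds."""
    for index, rule in enumerate(rules):
        if matches(rule, request):
            return index, rule["action"]
    return None, "proceed"

def shadowed(rules):
    """Return (rule, earlier_rule) index pairs where the later rule can never
    fire because the earlier rule matches every request the later one would."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            covers_dest = fnmatchcase(later["dest"], earlier["dest"])
            covers_secondaries = all(
                later.get(k) == v for k, v in secondaries(earlier).items())
            if covers_dest and covers_secondaries:
                found.append((j, i))
                break
    return found

if __name__ == "__main__":
    put = {"dest": "files.example.com", "port": 443, "method": "PUT"}
    print(evaluate(RULES, put))  # the broad allow wins over the later deny
    print(shadowed(RULES))       # the narrow deny is reported as unreachable
```

Moving the narrower deny above the broad allow clears the finding and changes the outcome for the PUT request.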

After adding, deleting, or modifying a rule, restart Content Gateway. See filter.config for information about the structure of stored rules.