Editing a limited access filter

A limited access filter is a list of URLs, IP addresses, and regular expressions, used to identify specific websites that users can access. When the filter is applied to clients, those clients cannot visit any site that is not in the list.

Important:

If a URL permitted by a limited access filter becomes infected with malicious code, as long as Security categories are blocked, user requests for that site are blocked.

For instructions to change this behavior, see Prioritizing Security Risk categorization.

Use the Policy Management > Filters > Edit Limited Access Filter page to make changes to an existing limited access filter. You can change the filter name and description, see a list of polices that enforce the filter, and manage which URLs, IP addresses, and regular expressions are included in the filter.

When you edit a limited access filter, the changes affect every policy that enforces the filter.

Steps

  1. Verify the filter name and description. To change the filter name, click Rename, and then enter the new name. The name is updated in all policies that enforce the selected limited access filter.
  2. Use the Policies using this filter field to see how many policies currently enforce this filter. If 1 or more policies enforce the filter, click View policies to list them.
  3. Under Add or Remove Sites, enter the URLs and IP addresses that you want to add to the limited access filter. IP addresses may use IPv4 or IPv6 format.
    Important: When a Limited Access Filter is applied to a client request, an exact match is required to allow access to a site.

    Enter one URL or IP address per line.

    • For HTTP sites, it is not necessary to include the http:// prefix.
    • When an HTTP site is managed according to its Forcepoint URL Database category, web protection software matches the URL with its equivalent IP address. This is not the case for limited access filters. To permit a website’s URL and IP address, add both to the filter.
    • For FTP and HTTPS sites, include the prefix (protocol). For sites that use a URL in the IP address instead of a hostname, add the entry with the protocol and IP address.
  4. Click the right arrow (>) to move the URLs and IP addresses to the Permitted sites list.
  5. In addition to adding individual sites to the limited access filter, you can add regular expressions that match multiple sites. To create regular expressions, click Advanced.
    • Enter one regular expression per line, and then click the right arrow to move the expressions to the Permitted sites list.

      The list will not be moved to the Permitted site list if the format of any of the expressions is not supported.

    • To verify that a regular expression matches the intended sites, click Test.
    • See Using regular expressions, for detailed information about using regular expressions for policy enforcement.
  6. Review the URLs, IP addresses, and regular expressions in the Permitted sites list.
    • To make changes to a site or expression, select it and click Edit.
    • To remove a site or expression from the list, select it and click Delete.
  7. After editing the filter, click OK to cache your changes and return to the Filters page. Changes are not implemented until you click Save and Deploy.