If multiple exceptions could apply to a request, how is the right one selected?

To apply exceptions, Filtering Service uses the following rules:

• By default, Super Administrator exceptions take precedence over exceptions created by delegated administrators.
• A delegated administrator exception takes precedence when the Super Administrator exception has been defined to allow delegated administrator override.
• If multiple equivalent exceptions could be applied:
  • Blocked takes precedence over permit.
  • If there are multiple blocked exceptions, the first one found is applied.
  • If there are multiple permitted exceptions and no blocked exceptions, the first permitted exception found is applied.
  • If there are multiple referer exceptions and no blocked exception, and one of the referer exceptions includes no specific URLs or regular expressions, the referer exception that lists the URL is applied.
• Client exceptions (that apply to one or more individual clients) take precedence over role exceptions.

Use the Test Filtering tool in (under Toolbox in the Web module of the Forcepoint Security Manager) to verify that client requests will be blocked or permitted as expected.