Hi. Thanks to your questions and answers, I have written a procedure that will be included in the customer documentation for 4.01.01. Here is a peek, although the nice formatting we will have cannot be replicated here:
Whitelisting One or More Applications
You can create a policy to block everything except a single application or small group of applications (or web sites).
To whitelist one or more applications:
1. Select Roles from the menu.
2. Select Add to add a new role. Alternatively, select an existing role and select Configure Role.
3. Create a Deny policy to block everything. This policy can be assigned to a public user SSID.
4. Add an extended application policy to allow a single web site. From the Configure Role page, select New Application Policy.
A new row is added to the Rules list.
5. Select the Edit (pencil) icon and configure the application rule.
6. Next to the Application field, select the Edit (pencil) icon.
The Custom Applications dialog opens.
7. Select Create New Application and configure the fields in the Application Setting dialog that opens.
For example, to allow access to www.companyname.com
, enter Web Applications as the group,
Company Name as the name, and www.companyname.com
as the pattern.
- Specify the application group to which the application belongs. The groups are pre-defined and cannot be customized.
- Enter a unique name for the custom application.
- Enter all or part of a fully qualified domain name (FQDN). The rule will match if the text that you enter appears anywhere in the host header of HTTP traffic. Example: The pattern companyname
will match 'www.companyname.com
', 'companyname.com' and 'http://www.company-name.com'. The match is case sensitive, so the pattern will not match 'Companyname.com'.
8. Repeat step 4-7 as needed to add additional individual web sites that each allow one web site. For
example, if you want to allow five web sites, make an extended application rule for each web site, for
a total of 5 extended application rules.