Mimecast Web Security: Configuring a Block or Allow List Policy

Document created by user.oxriBaJeN4 Employee on Apr 24, 2019Last modified by user.oxriBaJeN4 Employee on May 17, 2019
Version 11Show Document
  • View in full screen mode

This guide demonstrates how to block or allow access to one or more domain / URLs. Note that this policy type overrides all other web security policies. A Block or Allow List policy takes precedence over any TTP managed URL. For example, if <domain>.com is in your managed URL list, but blocked in a policy, access to the domain is blocked.

 

To configure a Block or Allow List policy, you've the option of blocking or allowing access to:

  • Individual domains / URLs by manually entering them.
  • Multiple domains / URLs by importing a CSV file.
    If your policy contains URLs, you must have an Advanced Security policy with the "Web Proxy" option enabled for those targets.

Configuring a Block or Allow List Policy

 

To configure a Block or Allow List policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Select the Web Security | Policies menu item. A list of policies is displayed.
  4. Click on the Create New Policy button.
  5. Complete the Policy Details dialog as follows:
    Field / OptionDescription
    NameEnter a name for the policy.
    TypeSelect Block or Allow List: This allows you to specify whether to block or allow access to one or more domain / URLs. This policy type overrides all other web security policies.
    A Block or Allow List policy takes precedence over any TTP managed URL. For example, if <domain>.com is in your managed URL list, but blocked in a policy, access to the domain is blocked.
  6. Click on the Next button.
  7. Configure the Settings for the selected policy type and click Next.

 

Block / Allow policyTo block or allow access to individual domains / URLs:

  1. Select either the Block or Allow option.
  2. Enter the Domain / URL in the field (e.g. company.com). See the Mimecast Web Security: Block or Allow List Policy Rules / Examples page for further details.
  3. Click on either the Block or Allow button. The domain / URL is added to the domain / URL block / allow list.
    Click on the Trash Can Icon to remove a domain / URL from the block / allow list.
  4. Click on the Next button.
  5. Select who the policy applies to:
    You can add multiple locations, users, and groups to a single policy, making it easier to configure and manage your Web Security policies.
    • Everyone: The policy applies to all users in your organization.
    • Location: The policy applies to all users defined in a location. See the Mimecast Web Security: Configuring Locations page for further details.
      1. Click on the Select Location button.
      2. Select a Location from the list, or use the search tool to find one.
    • Group: The policy applies to a group of users.
      1. Click on the Select Group button.
      2. Select a group from the Active Directory Groups or Local Groups tab.
    • User: The policy applies to an individual user:
      1. Click on the Select User button.
      2. Select the User from the list displayed, or use the search tool to find them.
  6. Click on the Next button.
  7. Review the Summary displayed to ensure all details are correct.
  8. Click on the Create Policy button. The new policy is displayed.

 

Blocking / Allowing Multiple Domains /URLs

 

To block or allow access to multiple domains / URLs:

  1. Import DomainsClick on the Upload a CSV File link. A popup dialog is displayed.
  2. Click on the Download button. The CSV file is downloaded to your browser's download location.
    1. Delete the first line of the template and enter:
    2. Save the .CSV file.
    3. Return to the dialog and click on the Upload button.
    4. Click on the Import button.
      5000 is the maximum number of entries that can be uploaded in the .CSV file.
  3. Click on the Next button.
  4. Select who the policy applies to:
    You can add multiple locations, users, and groups to a single policy, making it easier to configure and manage your Web Security policies.
    • Everyone: The policy applies to all users in your organization.
    • Location: The policy applies to all users defined in a location. See the Mimecast Web Security: Configuring Locations page for further details.
      1. Click on the Select Location button.
      2. Select a Location from the list, or use the search tool to find one.
    • Group: The policy applies to a group of users.
      1. Click on the Select Group button.
      2. Select a group from the Active Directory Groups or Local Groups tab
    • User: The policy applies to an individual user:
      1. Click on the Select User button.
      2. Select the User from the list displayed, or use the search tool to find them.
  5. Click on the Next button.
  6. Review the Summary displayed to ensure all details are correct.
  7. Click on the Create Policy button. The new policy is displayed.

 

Configuring Exceptions and Top Level Domains

 

TLDsYou can allow or block top-level domains (TLDs) in a Block or Allow List policy. This offers you granular control to allow or block a sub-domain under the same TLD. For example, you can block the TLD "cn" by adding it to the block list but allow the subdomain "thepaper.cn", and vice versa.

TLDs are accepted without punctuation (i.e. you don't need to include a period symbol prior to the TLD.)

If there are applications that all users should have access to (e.g. Dropbox, Slack) we recommend adding the domains to your exceptions list, as this overrides all other policies. View the Mimecast Web Security: Managing Exceptions page for more information.

 

See Also...

 

Attachments

    Outcomes