12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill


Controlling service access
Content filtering

Rating modifications

Web sites, especially newer ones, may not yet be categorized in the URL database. Using a rating profile to block access to the type of site does not work because the site is not in the database. Rating modifications lets the administrator manually add a Web site to a category, blocking access to the Web site when the appropriate rating profile is in use. Web sites added manually are stored in a local database separate from the URL database. When ratings are applied to rules, both databases are parsed. Entries in both databases have the same level of precedence and common entries in both databases are inclusive; if an entry exists in both databases, but is assigned to different categories in each, ratings created using any of the categories deny access.

There is also a search option that lets you search the URL database for a specific site. If you search for a site, and it is in the database, it appears in the upper window. You can then modify the ratings for this particular URL.

URL List

The URL list lets you define Web sites that are allowed when you enable restrict by URLs in the HTTP parameters for a service group that contains HTTP. When this service group is used in a rule, users can retrieve the URLs listed; access to all other URLs is denied. For example, this might let an administrator restrict access to company-approved sites only.

The IP address of defined Web sites must reverse map to their Web URL. For example, you may have two different Web sites such as http://www.somesite.com and http://www.somesite2.com that are hosted on the same server. Both of these sites return an IP address of 207.53.87.2 to a DNS request. However, only one of these sites can appear in the DNS records for a reverse map of the IP address 207.53.87.2. If http://www.somesite.com is matched with the IP address 207.53.87.2 in the reverse lookup record, requests to access http://www.somesite2.com fail because the reverse lookup of the returned IP address matches http://www.somesite.com; the entered URL does not match the URL returned for the reverse lookup of the IP address.

Configuration information for restricting by URL lists is found in your product’s administrator guide.

URL pattern matching

URL pattern matching using regular expression syntax is a security method available to the HTTP proxy. Regular expression syntax is a series of characters put together to form a pattern. Table 5-1 lists the supported characters that are used in regular expressions. When you use the advanced services command http.urlpattern in a rule, this file is examined and each URL request that comes in is parsed against this file.

Table 5-1    Supported regular expression symbols

Symbol    Description
\         Indicates that the next character should be interpreted literally if it normally isn’t, and should not be interpreted literally if it normally is.
.         Matches anything except the NULL character.
*         A suffix which signifies that the preceding pattern is repeated zero or more times.
+         Similar to * except that at least one instance of the previous pattern is required for a match.
?         Similar to * except that it allows zero or one match only for the preceding pattern.
[         Designates the beginning of a character set.
[^        Designates the beginning of a complement character set (that is, a pattern that matches any characters except the ones included in the set).
]         Designates the end of a character set. If you wish to make this character one of the matchable characters in a set, it must appear immediately after the opening bracket.
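
The reverse-map requirement described under URL List can be checked before entries go into the list. The following is an added example, not code from the guide or the product: it resolves each URL's host name, reverse-maps the returned address, and reports entries whose PTR name differs. The function names, the case-insensitive comparison, and the sample DNS tables are assumptions constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_url_list(urls, forward=socket.gethostbyname, reverse=None):
    """Return {url: (ok, reason)} for each candidate URL-list entry.

    forward(host) -> IP string; reverse(ip) -> PTR host name.
    Both default to live DNS; pass stand-ins to run offline.
    """
    if reverse is None:
        reverse = lambda ip: socket.gethostbyaddr(ip)[0]
    results = {}
    for url in urls:
        host = urlsplit(url).hostname
        if not host:
            results[url] = (False, "no host name in URL")
            continue
        try:
            ip = forward(host)
            ptr = reverse(ip)
        except (OSError, KeyError) as exc:  # DNS failure or missing sample entry
            results[url] = (False, f"lookup failed: {exc!r}")
            continue
        if _norm(ptr) == _norm(host):
            results[url] = (True, f"{ip} reverse maps to {ptr}")
        else:
            results[url] = (False, f"{ip} reverse maps to {ptr}, not {host}")
    return results

# Constructed DNS data mirroring the guide's example: two sites on one
# server, and a single PTR record for the shared address.
SAMPLE_A = {"www.somesite.com": "207.53.87.2", "www.somesite2.com": "207.53.87.2"}
SAMPLE_PTR = {"207.53.87.2": "www.somesite.com."}

def demo():
    urls = ["http://www.somesite.com", "http://www.somesite2.com"]
    return check_url_list(urls, SAMPLE_A.__getitem__, SAMPLE_PTR.__getitem__)

if __name__ == "__main__":
    for url, (ok, reason) in demo().items():
        print("OK  " if ok else "FAIL", url, "-", reason)
```

Called with only a list of URLs, `check_url_list` uses the system resolver, so it should be run from a host that sees the same DNS view as the gateway.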
