The flexibility of the WinGate rules set allows many policy possibilities. You must decide what security policies you will implement based on your specific requirements.
Rule Suggestions & Examples:
In the following examples the actual policy data is displayed in bold so that it stands out.
- With the Ban list tab on the WWW proxy, ban the following sites: www.playboy.com, www.naughty.com, www.thex-files.com and any URL containing words: sex, hardcore, XX, filth, and any other objectionable words.
- everyone can access the WWW Proxy, but they cannot request URL resources ending in .GIF or .jpg.
- is allowed to post forms with the HTTP Method, POST.
- is allowed to use SOCKS if they are using version 4 of the protocol.
- User bobby-sue
- can access the WWW proxy only from 192.168.0.2 weekdays from 9 - 5 as long as he is using HTTP Method Get, and his user account balance is greater than 0 User mary-bob can check her mail only from 192.168.0.3 weekdays from 9 - 5 as long as she is checking her POP3 username account mary-bob on the server mail.host.com. Step-By-Step Example: You may want to allow access only to a certain site, e.g. www.wingate.com pages. Open GateKeeper Log on as Adminstrator. Open the WWW proxy properties on the Services tab of the GateKeeper control panel. Select the Policies configuration . Double-click the recipient you wish to restrict, or click Add to add a new recipient. On the Recipient properties configuration select the Advanced Tab Select the Criterion is met if radio button option. Create a filter with a single request criterion of Server name contains www.wingate.com. If you want to add more sites, add more filters with an appropriate criterion. Click OK to exit the Recipient properties dialog. Depending on requirements set the Default rights(System Policies) option on the main Policy configuration to (Are ignored)(This will make sure that this policy is always applied over any system policy.) In the above example you could create different filters (with similar criterion) like this and this will allow any pages from the listed sites, but nothing from any other sites. Evaluating Filters and Rules Essentially, all filters in a policy are joined with Boolean/conditional ORs. This means that if either filter evaluates to true, then the activity is restricted/allowed (depending on how you have configured it). On the other hand, the rules(critierion) within filters are joined with Boolean/conditional ANDs, which means that they must all evaluate to true for the filter to apply. The table below summarizes how each of these logical connectors works.
- - If criteria are joined with an AND, then they must all evaluate to true for the rule to apply.
- - If criteria are joined with an OR, then only one of the criteria must evaluate to true for the rule to apply.
- - This means that a rule will apply if the criteria does not evaluate to true.