Web Control Policy

You need to configure the web control options to protect users and computers. There are no default options.

Note If an option is locked global settings have been applied by your partner.
Note Web control does not support Desktop Messaging.

To set up a policy:

  • Create a Web Control policy. See Create or Edit a Policy.
  • Open the policy's Settings tab and configure it as described below. Make sure the policy is enabled.
Additional security options

Select Additional security options to configure access to advertisements, uncategorized sites and risky downloads.

  • Block risky downloads: This option blocks risky file types, but allows advertisements and uncategorized files.
  • None: This option allows risky file types, advertisements and uncategorized files.
  • Let me specify: This allows you to set advertisements and uncategorized file types to Allow or Block.

    It also allows you to set Risky File Types to:

    • Recommended: This gives you the settings shown in the table of file types below.
    • Allow: Allows all risky file types.
    • Warn: Warns the user that a file may be risky before they can download it.
    • Block: Blocks all risky file types.
    • Let me specify: This allows you to set a number of individual file types to Allow, Warn, or Block.

Acceptable web usage

Configure Acceptable web usage settings. These control the sites that users are allowed to visit.

Choose from the following options:

  • Keep it clean: Prevents users from accessing adult and other potentially inappropriate websites.
  • Gentle guidance : Blocks inappropriate browsing and warns users before visiting website categories that may impact their productivity.
  • Conserve bandwidth: Blocks inappropriate browsing and warns users before visiting productivity-impacting websites. Blocks site categories likely to consume high bandwidth.
  • Business only: Only allows site categories that are generally business-related.
  • Let me specify: Allows you to configure individual site categories. For each group of categories (such as Productivity-related categories) you can set the behavior to Block, Warn, Allow, or Let me specify. Choosing Let me specify allows you to configure individual categories within these groups.
    Note For more control over how policy affects websites you can use the Settings > Website Management page.

For more information on how Sophos filters websites see Sophos Web Security and Control Test Site.

Protect against data loss

Select Protect against data loss to configure data loss settings.

Selecting this option allows you to choose Block data sharing, Allow data sharing, or Let me specify. Setting these options controls access to web-based email and file downloads.

Log web control events

Select Log web control events to log attempts to visit blocked websites or websites for which we display a warning.

Note If you do not enable logging, only attempts to visit infected sites will be logged.

Log web control events

You can put websites into your own custom categories ("tag" them) and then use a web control policy to control sites in each category.

To set this up, do as follows.

  1. In Endpoint or Server Protection, go to Settings > Website Management.
  2. Click Add.
  3. In Add Website Customization, enter a website and add a tag. You can either type in a new tag name, or select a tag you've used before (you'll see suggested tags when you start typing). Click Save.
  4. In Endpoint or Server Protection, go to Policies > Web Control and select a policy.
  5. Click the Settings tab.
  6. Turn on Control sites tagged in Website Management.
  7. Click Add New on the right of the page.
  8. In Add Website Tag, do as follows.
    • Select the website tag you created.
    • Choose the Action you want to take against websites.
    • Click Save.
  9. At the top of the policy, click Save.

Apply this web control policy at set times only

Note This option is not available in the Base policy.

You can set times when you want to apply the policy.

  1. Turn on Apply this web control policy at set times only.
  2. Click Add.
  3. Select the days and times when the policy will apply.
Note This option uses the local time on the computers that the policy applies to. This may not be the same as the Sophos Central administrator's local time.