How to roll out an inappropriate website control policy

This basic web control option includes 14 essential website categories. It is designed to protect users from visiting inappropriate websites. Consider the following when implementing a web control policy. See the Sophos Enterprise Console documentation for specific instructions.
  1. Ensure that the web control policy is enabled.
  2. If your organization has an acceptable use policy, you should tailor the settings accordingly, thus preventing users from visiting any sites that could be deemed inappropriate.
  3. To grant access to websites differently for various computer groups, create a different policy for each group.
  4. Think about which computer groups will be subject to web control, and what type of policy is suitable for each group of machines.
  5. View the default action for each website category. If you prefer to apply a different action, select it from the drop-down list. Consider which categories you want to block users from visiting, which categories will be accessible, and which categories you want to warn users about visiting.
  6. Determine which websites you want to exempt from filtering, and add them to the Websites to Allow list or Websites to Block list.
    Note If there are conflicting or overlapping entries in the 'Block' and 'Allow' lists, the entries in the Block list will always take precedence. For example, if the same IP address is included in the Block list and the Allow list, the website is blocked. Furthermore, if a domain is included in the Block list, but a subdomain of that same domain is included in the Allow list, the Allow entry is ignored, and the domain and all of its subdomains are blocked.
  7. Use the web control Event Viewer to examine filtering results. You can access the Event Viewer by clicking Events > Web Events. Use the Event Viewer to see web events. You may want to make adjustments, based on these results.

For more information, see the Sophos Enterprise Console documentation.