Using the Local Site List Editor

  1. On the Configuration > Group Policy > Local Site List page, click Add Site.
  2. In the Specify the site to add text box, enter the URL, domain, top-level domain (TLD), IP address, or CIDR range that you want to add.
    To add multiple entries by entering one per line, click Enter multiple sites to expand the Specify the site to add text box. Click Enter single site to reduce it to single line size. When URLs are added, the protocol is stripped from the URL. So, to the web appliance, is the same as Note that:
    • A TLD entry should begin with a '.' (for example '.edu').
    • If you enter a domain or top-level domain (TLD) with a single subdomain level, any additional subdomain levels will also be filtered. For example, an entry such as will also filter and
    • If your entry includes a path (query) and the website is blocked for any reason, the appliance may need to decrypt HTTPS traffic even if HTTPS scanning is turned off in order to apply the correct policy. For example, if HTTPS scanning is off and is blocked by a category, and you add a local site list entry that allows, the appliance decrypts the traffic in order to see the query and apply the correct policy. Once the appliance determines that the traffic is allowed, no further scanning is applied.
    • If your entry includes a domain and at least one level of subdomains, no additional subdomains will be filtered. For example, an entry such as will not result in the filtering of other subdomains of, including or
      Note Some TLDs are known as second-level domains. These are similar to a subdomain and TLD. For instance, is a second-level TLD that is distinct from .uk. In the above, if was a second-level TLD, the other entries would be filtered.
    • You can simultaneously create different rules for TLDs and subdomains. For instance, if a country had a TLD of .zz, you could block all sites by blocking the .zz top level domain and then selectively allow specific sites such as example.zz.
    • You can add the URL of an HTTPS service that uses a non-standard port (other than port 443), which extends web appliance filtering support to that URL. We suggest that you set such sites as Low Risk.
    Important The web appliance will interpret any dotted quad followed by a slash and a number less than 33 as a CIDR range. This creates the possibility that a URL entered as an IP address followed by a numbered directory from 0 to 32 would be improperly treated as a CIDR range. For example,, where '/6' is a directory, would be interpreted as a CIDR range. To avoid this possibility, always enter URLs to numbered directories using fully qualified domain names rather than IP addresses.
  3. On the Modify the site properties panel, do one or more of the following:
    Important You must choose at least one of the following three options to create a new local site list entry.
    • From the Tag editable drop-down list, either enter the name of a new tag that you want to create in the text box, or click the adjacent down arrow icon to choose an existing tag from the drop-down list.

      Tags allow you to set policy rules more simply and flexibly than is possible by using other policy features. Tags can be created in two places, this Local Site List Editor and the Configuration > Group Policy > Additional Policy page. In the Additional Policy wizard, you can set what action is taken in response to a tag. In this, the Local Site List Editor wizard you can apply one or more tags to a URL. For tags to work, you must perform the configuration steps in both places.

      There are, however, three system tags: Globally allowed sites, Globally blocked sites, and Never send to Sandstorm. These tags only appear in the Local Site List Editor dialog box’s tag drop-down list. Their actions are predefined and match what their name indicates. The Globally allowed sites tag will not override the behavior expected as a result of a site’s risk class.

      Note There is no need to delete tags. Any tags that are not applied to URLs in the Local Site List and that do not have an additional policy set are automatically removed every Sunday night at midnight.
    • Select Override the risk class, and select the risk class that you want to use from the drop-down list.
    • Select Override the category, and select the category that you want to use from the drop-down list.
  4. Optionally, add a comment explaining why you are treating the URL this way.

    This is useful for future reference and for other administrators.

  5. Click Save.

    The Local Site List editor closes, and the new local site list entry that you configured is viewable in the Local Site List.