IPBrick already includes a pre-configured access list that specifies the following: access attempts that originate from the LAN and target sites included in neither the destination group INVALID nor the porn blacklist, in an undefined period (24 hours), are accepted. Because no other lines have been created, all remaining requests are blocked (Figure 4.10).
Access lists have the following structure:
Source
: Identification of the origin group that is governed by the rule (i.e., a group of users or a list of machines by IP);
Destination
: Identification of the destination groups that are governed by the rule (i.e., the name of the configured group of sites, domains, file extensions and words in a URL);
Available Groups
: For the created destination groups you can enforce a certain set of rules:
Domains
the URL, www.testdomain.com);
Blacklists
: Lets you select which blacklists are going to be activated (e.g., if the porn list is selected, all sites that are not on the porn list can be accessed).
Period
: The time period (already inserted) during which the rule is active;
Policy
: This is not configurable; the value is always to deny everything that is not set in the access lists.
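A minimal Python model of the pre-configured access list and the fixed deny policy described above, added here as an illustration; it is not IPBrick code. The LAN range, the group contents, the function names and the rule that a host matches a group by exact name or as a subdomain are all assumptions.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time
from urllib.parse import urlsplit

# Constructed sample data: placeholders, not IPBrick's real groups or lists.
LAN = ipaddress.ip_network("192.168.1.0/24")
INVALID_GROUP = {"blocked.example"}
PORN_BLACKLIST = {"adult.example"}


@dataclass
class AccessList:
    source: ipaddress.IPv4Network  # Source: origin group, modelled as a network
    excluded: tuple                # destination groups/blacklists that must NOT match
    start: time                    # Period: start of the active window
    end: time                      # Period: end of the active window

    def matches(self, client_ip, url, now):
        host = (urlsplit(url).hostname or "").lower()
        if not host:
            return False  # unparseable destination never matches (fails closed)
        if ipaddress.ip_address(client_ip) not in self.source:
            return False
        if not (self.start <= now <= self.end):
            return False
        # Assumption: a host belongs to a group if it equals an entry
        # or is a subdomain of one.
        return not any(
            host == entry or host.endswith("." + entry)
            for group in self.excluded
            for entry in group
        )


# The pre-configured list: from the LAN, not INVALID, not porn, 24 hours.
DEFAULT_LISTS = [
    AccessList(LAN, (INVALID_GROUP, PORN_BLACKLIST), time.min, time.max)
]


def decide(client_ip, url, now, lists=DEFAULT_LISTS):
    """Accept when an access list matches; otherwise the fixed policy denies."""
    for acl in lists:
        if acl.matches(client_ip, url, now):
            return "accept"
    return "deny"
```

The model covers a single access list only; how several ordered lists interact is not modelled.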
Access lists should be ordered from generic to specific rules: the generic rules should be placed at the top and the more specific rules at the bottom (as in the firewall case). If there are several access lists, you can order them by clicking on Order by.