Add HTTP Inspection Policy: Specify Rules Parent topic

HTTP > HTTP Inspection > Policies | policy name or Add | HTTP Inspection | Bot Detection Rule
The Rules screen allows you to select the Inspection Filters for HTTP traffic. Adding an HTTP Inspection policy is a three-step procedure. First, you create an account to specify users, then you assign HTTP Inspection filtering rules to the new policy, and then you specify any exceptions.
  • Enable policy—Enables or disables the individual policy; the global HTTP Inspection setting overrides the specifications of an individual policy.
  • Inspection Filter—Choose the Inspection Filter to designate the type of traffic to which the policy will apply. The number of filters available is equal to the default filters plus any custom filters that have been created.
    Note
    Note
    Create custom filters at HTTP > HTTP Inspection > Filters > Add.
    The following describes the available filtering actions:
    • Allow (scan)—Connection to the target server is allowed and users can access the Web site, but the content is scanned for malware.
    • Allow (no scan)—Connection to the target server is allowed and users can access the Web site, but the content is not scanned for malware.
    • Block—Connection to the target server is not established and users are not allowed to access the Web site. A log entry is also created for this event.
    • Monitor—Connection to the target server is allowed and users can access the Web site. A log entry is also created for this event.
      Note
      Note
      For the next section, restricted days and hours are defined at Administration > IWSVA Configuration > Scheduled Times.
    • Scheduling—Select the scheduling time that configuration at Administrator > IWSVA Configuration > Scheduled Times, default time is Always.
    • Notes—Use to create policy notes, for example, to summarize the intent or justification for the policy. It can serve as a simple reminder or as a communication to others who could later administer HTTP Inspection.

Specifying Bot Detection Rules

In order for you to monitor and analyze possible bot behavior within your network environment, rather than directly block the connection, you can specify whether to "Block" or "Monitor" an action when a bot detection rule has been matched. As with all Web Reputation policies, you have the ability to Add, Delete, Modify, or Deploy a Bot Detection policy.
See also: