Acceptable use policy

In addition to configuring how threats are handled, a policy is also where your organization controls access to websites and web applications. ETP includes categories for websites that you can block within an enterprise.

Acceptable use policy categories classify requested websites. Depending on the action that's associated with a category, the policy defines whether traffic to domains in a category is allowed, scanned by ETP, monitored by ETP, or blocked in your network. For a list and description of all AUP categories, see Acceptable use policy categories.

With AVC, you can add an AUP category to the policy and select a policy action. You can also see the web applications that are associated with each AUP category. To learn more about AVC, see Application visibility and control.

If ETP Proxy is enabled, you can:

  • Scan requested content with ETP malware engines. If ETP Proxy is configured as a full web proxy, ETP Proxy scans websites for categories that are not blocked or assigned the bypass action. For more information about full web proxy, see Full web proxy.

  • Configure an authentication policy. To prompt users to authenticate before accessing an allowed website or web application, you can select the Require or Optional authentication modes. Otherwise, you can select None. For more information, see Authentication policy.

  • Select the users and groups granted access to websites or web applications. This functionality is available when authentication is required or optional in a policy configuration. Users or groups that are exceptions to a block action are prompted to authenticate. If no threat is detected, these users are granted access to websites in these categories. To select users or groups as exceptions, you need to assign an IdP to the policy.

  • Bypass a category. This action allows websites or web applications in the associated category to bypass ETP or, if the proxy is enabled, ETP Proxy.

    You may want to select the bypass action for categories that are associated with sensitive information such as the Finance & Investing and the Healthcare categories. This action prevents ETP or ETP Proxy from inspecting this traffic.

  • Select an operating mode. The Operating Mode menu in the policy defines the mode that ETP uses for traffic by default. You can select Full Web Proxy, Selective Proxy, Walled Garden, or DNS Protection.

    • Full Web Proxy. Directs all traffic to ETP Proxy.

    • Selective Proxy. Directs domains and risky web traffic to ETP Proxy, and DNS traffic that’s configured with the Allow action to ETP Proxy.

    • Walled Garden. Blocks all traffic unless it’s configured with the Allow action.

    • DNS Protection. Protects DNS traffic based on the policy. You can select this mode only when ETP Proxy is disabled.

    If the Operating Mode is set to Selective Proxy, categories that are not blocked are reported as unclassified. For more information, see Default operating mode.

  • Select a mobile mode. You select this mode in a policy for mobile traffic when ETP Client is installed on a device. You can define a mode for these mobile devices:

    • iOS. For iOS devices, you can select any of these modes: Full Proxy, Selective Proxy, and Walled Garden.
    • Android. For Android devices, you can select any of these modes: Full Proxy, Selective Proxy, Walled Garden, and Proxy (Browsers Only). Proxy (Browsers Only) directs only browser traffic to the proxy.
    • Chrome OS. For Chrome OS, you can select any of these modes: Full Proxy, Selective Proxy, and Walled Garden.

    The Mobile Mode settings are currently in beta. For more information, see Mode for mobile devices.

Enterprise Threat Protector includes AUP categories that you should consider blocking in your network:

  • Anonymizers. This category is made up of services that allow users in your corporate network to bypass enterprise security settings. These services may include a personal VPN or an anonymizing proxy.

  • File Sharing. Category for file sharing services or applications such as Dropbox, Google Drive, and OneDrive. These services allow users to download and upload a large number of files to your network, potentially creating a backdoor to your organization's network. If you do not want to block File Sharing, ETP provides a policy option that allows you to analyze downloads from these domains. For more information, see Scan file sharing downloads for malware.

If your organization uses a custom response and ETP Proxy is disabled, you can associate a custom response with a block action. As part of the block action, traffic to blocked websites and web applications is forwarded to the custom response. Information about the machine that made the request is recorded. Keep in mind that this data is not reported in ETP. To learn more about custom responses, see Configure a custom response.

Acceptable use policy categories

Acceptable use policy categories classify requested websites. Depending on the action that's associated with a category, the policy defines whether traffic to websites in these categories is allowed, scanned by ETP Proxy, monitored by ETP, or blocked in your network.

AUP categories are configured in a policy as part of access control and AVC. You add AUP categories to a policy and select an action for these categories. For more information, see Configure access control and Application visibility and control.

If ETP Proxy is enabled as a full web proxy, requests to allowed (not blocked) websites are still directed to ETP Proxy for analysis. Enterprise Threat Protector Proxy scans web traffic and blocks non-web traffic that is sent over port 443, such as Extensible Messaging and Presence Protocol (XMPP) or XMPP over TLS.

If there are websites that you don't want directed to ETP Proxy, make sure you configure their domains in an exception list. An exception list is automatically assigned the bypass action in a policy. For more information, see Exception lists.

Category

Description

Abortion

Websites that are in favor of or against abortion. This includes websites that describe the procedure, provide information on where to obtain one, and give testimonials on the topic.

Alcohol & Tobacco

Websites that promote, sell, or provide information related to the consumption of alcohol or the use of tobacco and tobacco-related products.

Anonymizers

Websites that provide anonymous access to other websites through a proxy. These proxies avoid URL filtering and monitoring. You should block this category to prevent end users from bypassing enterprise security.

Auctions

Websites that offer online auctions.

Blogging

Websites that are blogs or host and publish blogs. These websites contain regularly posted entries that share views, commentary, or personal content. Blogs often include photos and multimedia.

Business & Economy

Websites focused on business firms, marketing, management, economics, and entrepreneurship. This includes corporate websites and websites dedicated to other consumer services.

Chat Site

Websites that enable users to chat in real time through chat rooms, online conferences, video chat, or instant messaging.

Child Pornography

Websites that contain obscene, harmful, and sexually explicit or suggestive content involving minors. This content includes pornographic visual depictions in images, videos, and other media.

Computer & Internet Info

Websites related to computers that provide technical information. Websites in this category focus on hardware, software, SaaS, Internet services, and more.

Computer & Internet Security

Websites that discuss or provide information on computers and Internet security.

Confirmed Spam Sources

Websites that are known spam sources.

Content Delivery Networks

Websites that deliver content and data such as images, videos, and media files through a content delivery network.

Criminal Skills

Websites that provide resources, information, or equipment to commit crimes and avoid prosecution.

Cult and Occult

Websites for religious movements, groups, or sects that are exploitative or unorthodox. This category also contains websites focused on the practice of magic to interpret and influence events.

DNS-over-HTTPS Providers

Websites of DNS-over-HTTPS (DoH) providers. DoH encrypts DNS requests and prevents a threat actor from manipulating DNS data. While DoH protects DNS traffic, you should block this category to prevent end users from bypassing ETP security.

Dead Sites

Websites that cannot be categorized into an AUP category. These websites do not respond to HTTP queries.

Drugs

Websites that sell, supply, promote, or advocate for the abuse or illegal use of drugs. These websites also provide information on the cultivation, manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants, chemicals, and any drug-related equipment.

Dynamic Content

Websites that dynamically generate content based on URL or other information from the web request.

Educational Institutes

Websites for schools and institutions at all educational levels. This category includes websites with content that's designed for students, administrators, and teachers such as enrollment or course information.

Entertainment & Arts

Websites related to the arts, including film, television, music, books, theater, and more. This includes websites for museums, art galleries, and artists.

Fashion & Beauty

Websites focused on glamor, beauty, cosmetics, fashion, and clothes. This includes websites for publications on these subjects.

File Sharing

Websites with clients, protocols, and other resources that allow users to download and share files with others. These websites may also enable users to stream unauthorized content such as movies, TV shows, and more.

Finance & Investing

Websites that allow users to access, research, and manage their finances and investments. These websites are used for online banking, credit cards, personal and financial portfolios, and more.

Forums & Message Boards

Websites that host online communities and allow end users to engage in discussions on a variety of topics. These websites include moderated or unmoderated web forums, message boards, online question and answer sites, and more.

Gambling

Websites that promote gambling and allow users to gamble or place bets. Websites in this category may teach gambling, predict race winners, show lottery numbers, allow users to register for gambling tournaments, and more.

Games

Websites related to the development, promotion, review, download, and overall play of online, PC, handheld, and console video games.

Gore

Websites that promote or feature excessive, graphic, or deliberate violence against humans or animals. Websites may include real or animated scenes of violence, extremely violent video games, horror media and entertainment, and more.

Government

Websites that contain information on the government, government agencies, and services. This includes local, county, state, and national government websites.

Hacking

Websites with resources that allow hackers to gain unauthorized access and compromise a system or network with computer programming.

Hate

Websites that promote or feature discriminatory, hostile, intolerant, and aggressive content with the intent to denigrate or disparage an individual or group based on race, religion, gender, nationality, ethnicity, sexual orientation, and other involuntary characteristics. These sites may use alleged scientific or accredited methods to justify this content.

Healthcare

Websites related to human health, including disease or illness, treatment, nutrition, and fitness. These websites are also dedicated to healthcare facilities, health insurance, pharmaceuticals, and more.

Home & Garden

Websites that sell products for the home, including decor, tools for maintenance and gardening, electronics, and more.

Hunting & Fishing

Websites focused on hunting or fishing as a sport or recreational activity.

Image & Video Search

Websites that are related to photography and host digital photos.

Individual Stock Advice & Tools

Websites that promote or facilitate stock trading and the management of investment assets. This includes websites that contain information on financial investment news, strategies, and quotes.

Internet Portals

Websites that are a gateway to other content and services on the Internet.

Job Search

Websites that assist with job searches, provide job information, and offer resources for locating employment. Websites in this category also help employers find candidates.

Keyloggers & Monitoring

Websites that log keystrokes and are known to monitor a user's Internet activity.

Kids

Websites that are designed to provide a safe Internet experience for young children and adolescents.

Legal

Websites focused on the practice of law, legal issues, and research, as well as law enforcement. This category also includes the official websites of law firms.

Lingerie

Websites that promote, review, or sell lingerie or intimate apparel.

Local Information

Websites that feature or promote restaurants, local areas of interest, tourist attractions, city guides, and more.

Marijuana

Websites that advertise or officially sell cannabidiol (CBD). This category excludes websites that promote CBD or marijuana for recreational use.

Military

Websites dedicated to the military, armed forces, military history, and military personnel. This category also includes websites dedicated to services for veterans, soldiers, and their families.

Motor Vehicles

Websites that sell, manufacture, review, promote, or discuss motorized vehicles and their related products.

Music

Websites that stream, sell, and allow users to download music. This category also includes websites that provide information on musical artists, song lyrics, performances, and more.

News & Media

Websites that communicate the news. This category includes websites for newspapers, public broadcasting stations, radio stations, and more.

Nudism and Naturism

Websites that depict the naked body but are not pornographic or sexual in intent. For example, websites in this category may show the naked body in art form. This category also contains websites that feature or promote nudism or a nudist lifestyle.

Online Greeting Cards

Websites for online greeting cards.

Parked Domains

Websites that host limited content and may contain advertisements to generate revenue. These websites are usually owned by domain name registrars, domain brokers, or Internet advertising publishers.

Pay to Surf

Websites that pay users to find and review content on the Internet.

Peer to Peer

Websites that enable users to illegally share and transmit digital content.

Personals & Dating

Websites focused on establishing romantic relationships or marriage. These websites may offer online dating services, professional matchmaking and matrimonial services, tips for dating, and more.

Plagiarism

Websites that offer, sell, or promote free academic writing services.

Political Advocacy

Websites focused on politics or philosophy where a particular viewpoint is expressed.

Pornography Websites

Websites that contain sexually explicit material meant to incite sexual excitement or interest.

Real Estate

Websites related to the rent and purchase of real estate or other property. This category also includes websites on mortgages, real estate agents, tips on selling a home, property improvement, and more.

Recreation & Hobbies

Websites focused on hobbies and recreational activities for enthusiasts and amateurs. This includes websites that provide information on associations, forums, and publications for these interests, such as outdoor activities, crafts, and collecting.

Reference & Research

Websites for personal, professional, and educational research. Websites in this category include online dictionaries, library catalogs, scientific information, and more.

Religion

Websites dedicated to religious subjects, practices, services, and houses of worship.

Search Engines

Websites that search the Internet for information, images, video content, and more based on provided keywords and phrases.

Self-Harm

Websites that promote, normalize, or glamorize the repetitive and deliberate ways to inflict harm to oneself. This category also contains websites that advocate or glorify suicide and promote methods for committing suicide.

Sex Education

Websites that contain information about reproduction, sexual development, sexual orientation, contraceptives, sexually transmitted diseases, and other topics related to sex.

Shareware & Freeware

Websites that offer free software, utilities, media, and other content for legal download.

Shopping

Websites that allow consumers to purchase goods and services from retailers or sellers.

Spam URLs

Websites or URLs from spam messages.

Sports

Websites that analyze, promote, or provide information about competitive sports or sports fans.

Spyware & Adware

Websites associated with vendors of spyware or adware. These websites may gather information about the user, display unsolicited advertising, and download unwanted software to the user's machine.

Streaming Websites

Websites that feature and transmit live or on-demand audio or video content over the Internet. This includes websites that sell, deliver, and stream content to users.

Training & Tools

Websites focused on developing or attaining a formal education or vocational skills. Websites in this category offer online courses, software training, and more.

Translation

Websites used for translation that allow users to see content or URL pages in other languages.

Travel

Websites related to travel, including booking a trip, travel agencies, reserving hotels, and more.

Virtual Community

Websites that promote social networking and have online communities where users interact and communicate with one another.

Weapons Related

Websites that promote and provide information on various types of weapons, such as knives and guns. This category includes websites that sell knives, guns, and firearm accessories. It also includes websites that provide instructions on making weapons for hand-to-hand combat or martial arts.

Web Advertisements

Websites that host advertisements to attract consumers and increase web traffic.

