Acceptable use policy

In addition to configuring how threats are handled, a policy is also where your organization controls access to websites and web applications. ​SIA​ includes categories for websites that you can block within an enterprise.

Acceptable use policy categories classify requested websites. Depending on the action that's associated with a category, the policy defines whether traffic to domains in a category is allowed, scanned by ​SIA​, monitored by ​SIA​, or blocked in your network. For a list and description of all AUP categories, see Acceptable use policy categories.

With AVC, you can add an AUP category to the policy and select a policy action. You can also see the web applications that are associated with each AUP category. To learn more about AVC, see Application visibility and control.

If ​SIA​ Proxy is enabled, you can:

  • Scan requested content with ​SIA​ malware engines. If ​SIA​ Proxy is configured as a full web proxy, ​SIA​ Proxy scans websites for categories that are not blocked or assigned the bypass action. For more information about full web proxy, see Full web proxy.

  • Configure an authentication policy. To prompt users to authenticate before accessing an allowed website or web application, you can select the Require or Optional authentication modes. Otherwise, you can select None. For more information, see Authentication policy.

  • Select the users and groups granted access to websites or web applications. This functionality is available when authentication is required or optional in a policy configuration. Users or groups that are exceptions to a block action are prompted to authenticate. If no threat is detected, these users are granted access to websites in these categories. To select users or groups as exceptions, you need to assign an IdP to the policy.

  • Bypass a category. This action allows websites or web applications in the associated category to bypass SIA or, if the proxy is enabled, SIA Proxy.

    You may want to select the bypass action for categories that are associated with sensitive information such as the Finance & Investing and the Healthcare categories. This action prevents ​SIA​ or ​SIA​ Proxy from inspecting this traffic.

  • Select an operating mode. The Operating Mode menu in the policy defines the mode that SIA uses for traffic by default. You can select Full Web Proxy, Selective Proxy, Walled Garden, or DNS Protection.

    • Full Web Proxy. Directs all traffic to ​SIA​ Proxy.

    • Selective Proxy. Directs domains and risky web traffic to ​SIA​ Proxy, and DNS traffic that’s configured with the Allow action to ​SIA​ Proxy.

    • Walled Garden. Blocks all traffic unless it’s configured with the Allow action.

    • DNS Protection. Protects DNS traffic based on the policy. You can select this mode only when ​SIA​ Proxy is disabled.

    If the Operating Mode is set to Selective Proxy, categories that are not blocked are reported as unclassified. For more information, see Default operating mode.

  • Select a mobile mode. You select this mode in a policy for mobile traffic when ​ETP Client​ is installed on a device. You can define a mode for these mobile devices:

    • iOS. For iOS devices, you can select any of these modes: Full Proxy, Selective Proxy, and Walled Garden.
    • Android. For Android devices, you can select any of these modes: Full Proxy, Selective Proxy, Walled Garden, and Proxy (Browsers Only). Proxy (Browsers Only) directs only browser traffic to the proxy.
    • Chrome OS. For Chrome OS, you can select any of these modes: Full Proxy, Selective Proxy, and Walled Garden.

    For more information, see Mode for mobile devices.

​Secure Internet Access Enterprise​ includes AUP categories that you should consider blocking in your network:

  • Anonymizers. This category is made up of services that allow users in your corporate network to bypass enterprise security settings. These services may include a personal VPN or an anonymizing proxy.

  • File Sharing. This category covers file sharing services or applications such as Dropbox, Google Drive, and OneDrive. These services allow users to download and upload a large number of files to your network, potentially creating a backdoor to your organization's network. If you do not want to block File Sharing, SIA provides a policy option that allows you to analyze downloads from these domains. For more information, see Scan file sharing downloads for malware.

If your organization uses a custom response and ​SIA​ Proxy is disabled, you can associate a custom response to a blocked action. As part of the block action, traffic to blocked websites and web applications is forwarded to the custom response. Information about the machine that made the request is recorded. Keep in mind that this data is not reported in ​SIA​. To learn more about custom responses, see Configure a custom response.

Acceptable use policy categories

Acceptable use policy categories classify requested websites. Depending on the action that's associated with a category, the policy defines whether traffic to websites in these categories is allowed, scanned by ​SIA​ Proxy, monitored by ​SIA​, or blocked in your network.

AUP categories are configured in a policy as part of access control and AVC. You add AUP categories to a policy and select an action for these categories. For more information, see Configure access control and Application visibility and control.

If ​SIA​ Proxy is enabled as a full web proxy, requests to allowed (not blocked) websites are still directed to ​SIA​ Proxy for analysis. ​Secure Internet Access Enterprise​ Proxy scans web traffic and blocks non-web traffic that is sent over port 443, such as Extensible Messaging and Presence Protocol (XMPP) or XMPP over TLS.

If there are websites that you don't want directed to SIA Proxy, make sure you configure their domains in an exception list. An exception list is automatically assigned the bypass action in a policy. For more information, see Exception lists.

  • Abortion. Websites that are in favor of or against abortion. This includes websites that describe the procedure, provide information on where to obtain one, and give testimonials on the topic.
  • Alcohol & Tobacco. Websites that promote, sell, or provide information related to the consumption of alcohol or the use of tobacco and tobacco-related products.
  • Anonymizers. Websites that provide anonymous access to other websites through a proxy. These proxies avoid URL filtering and monitoring. You should block this category to prevent end users from bypassing enterprise security.
  • Auctions. Websites that offer online auctions.
  • Blogging. Websites that are blogs or host and publish blogs. These websites contain regularly posted entries that share views, commentary, or personal content. Blogs often include photos and multimedia.
  • Business & Economy. Websites focused on business firms, marketing, management, economics, and entrepreneurship. This includes corporate websites and websites dedicated to other consumer services.
  • Chat Site. Websites that enable users to chat in real time through chat rooms, online conferences, video chat, or instant messaging.
  • Child Abuse / Exploitation. Websites that contain obscene, harmful, and sexually explicit or suggestive content involving minors. This content includes pornographic visual depictions in images, videos, and other media.
  • Computer & Internet Info. Websites related to computers that provide technical information. Websites in this category focus on hardware, software, SaaS, Internet services, or more.
  • Computer & Internet Security. Websites that discuss or provide information on computers and Internet security.
  • Confirmed Spam Sources. Websites that are known spam sources.
  • Content Delivery Networks. Websites that deliver content and data such as images, videos, and media files as a result of a content delivery network.
  • Criminal Skills. Websites that provide resources, information, or equipment to commit crimes and avoid prosecution.
  • Cult and Occult. Websites for religious movements, groups, or sects that are exploitative or unorthodox. This category also contains websites focused on the practice of magic to interpret and influence events.
  • DNS-over-HTTPS Providers. Websites of DNS-over-HTTPS (DoH) providers. DoH encrypts DNS requests and prevents a threat actor from manipulating DNS data. While DoH protects DNS traffic, you should block this category to prevent end users from bypassing SIA security.
  • Dead Sites. Websites that cannot be categorized into an AUP category. These websites do not respond to HTTP queries.
  • Drugs. Websites that sell, supply, promote, or advocate for the abuse or illegal use of drugs. These websites also provide information on the cultivation, manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants, chemicals, and any drug-related equipment.
  • Dynamic Content. Websites that dynamically generate content based on URL or other information from the web request.
  • Educational Institutes. Websites for schools and institutions at all educational levels. This category includes websites with content that's designed for students, administrators, and teachers such as enrollment or course information.
  • Entertainment & Arts. Websites related to the arts, including film, television, music, books, theater, and more. This includes websites for museums, art galleries, and artists.
  • Fashion & Beauty. Websites focused on glamor, beauty, cosmetics, fashion, and clothes. This includes websites for publications on these subjects.
  • File Sharing. Websites with clients, protocols, and other resources that allow users to download and share files with others. These websites may also enable users to stream unauthorized content such as movies, TV shows, and more.
  • Finance & Investing. Websites that allow users to access, research, and manage their finances and investments. These websites are used for online banking, credit cards, personal and financial portfolios, and more.
  • Forums & Message Boards. Websites that host online communities and allow end users to engage in discussions on a variety of topics. These websites include moderated or unmoderated web forums, message boards, online question and answer sites, and more.
  • Gambling. Websites that promote gambling and allow users to gamble or place bets. Websites in this category may teach gambling, predict race winners, show lottery numbers, allow users to register for gambling tournaments, and more.
  • Games. Websites related to the development, promotion, review, download, and overall play of online, PC, handheld, and console video games.
  • Gore. Websites that promote or feature excessive, graphic, or deliberate violence against humans or animals. Websites may include real or animated scenes of violence, extremely violent video games, horror media and entertainment, and more.
  • Government. Websites that contain information on the government, government agencies, and services. This includes local, county, state, and national government websites.
  • Hacking. Websites with resources that allow hackers to gain unauthorized access and compromise a system or network with computer programming.
  • Hate. Websites that promote or feature discriminatory, hostile, intolerant, and aggressive content with the intent to denigrate or disparage an individual or group based on race, religion, gender, nationality, ethnicity, sexual orientation, and other involuntary characteristics. These sites may use alleged scientific or accredited methods to justify this content.
  • Healthcare. Websites related to human health, including disease or illness, treatment, nutrition, and fitness. These websites are also dedicated to healthcare facilities, health insurance, pharmaceuticals, and more.
  • Home & Garden. Websites that sell products for the home, including decor, tools for maintenance and gardening, electronics, and more.
  • Hunting & Fishing. Websites focused on hunting or fishing as a sport or recreational activity.
  • Image & Video Search. Websites that are related to photography and host digital photos.
  • Individual Stock Advice & Tools. Websites that promote or facilitate stock trading and the management of investment assets. This includes websites that contain information on financial investment news, strategies, and quotes.
  • Internet Portals. Websites that are a gateway to other content and services on the Internet.
  • Job Search. Websites that assist with job searches, provide job information, and offer resources for locating employment. Websites in this category also help employers find candidates.
  • Keyloggers & Monitoring. Websites that log keystrokes and are known to monitor a user's Internet activity.
  • Kids. Websites that are designed to provide a safe Internet experience for young children and adolescents.
  • Legal. Websites focused on the practice of law, legal issues, and research, as well as law enforcement. This category also includes the official websites of law firms.
  • Lingerie. Websites that promote, review, or sell lingerie or intimate apparel.
  • Local Information. Websites that feature or promote restaurants, local areas of interest, tourist attractions, city guides, and more.
  • Marijuana. Websites that advertise or officially sell cannabidiol (CBD). This category excludes websites that promote CBD or marijuana for recreational use.
  • Military. Websites dedicated to the military, armed forces, military history, and military personnel. This category also includes websites dedicated to services for veterans, soldiers, and their families.
  • Motor Vehicles. Websites that sell, manufacture, review, promote, or discuss motorized vehicles and their related products.
  • Music. Websites that stream, sell, and allow users to download music. This category also includes websites that provide information on musical artists, song lyrics, performances, and more.
  • News & Media. Websites that communicate the news. This category includes websites for newspapers, public broadcasting stations, radio stations, and more.
  • Nudism and Naturism. Websites that depict the naked body but are not pornographic or sexual in intent. For example, websites in this category may show the naked body in art form. This category also contains websites that feature or promote nudism or a nudist lifestyle.
  • Online Greeting Cards. Websites for online greeting cards.
  • Parked Domains. Websites that host limited content and may contain advertisements to generate revenue. These websites are usually owned by domain name registrars, domain brokers, or Internet advertising publishers.
  • Pay to Surf. Websites that pay users to find and review content on the Internet.
  • Peer to Peer. Websites that enable users to illegally share and transmit digital content.
  • Personals & Dating. Websites focused on establishing romantic relationships or marriage. These websites may offer online dating services, professional matchmaking and matrimonial services, tips for dating, and more.
  • Plagiarism. Websites that offer, sell, or promote free academic writing services.
  • Political Advocacy. Websites focused on politics or philosophy where a particular viewpoint is expressed.
  • Pornography Websites. Websites that contain sexually explicit material meant to incite sexual excitement or interest.
  • Real Estate. Websites related to the rent and purchase of real estate or other property. This category also includes websites on mortgages, real estate agents, tips on selling a home, property improvement, and more.
  • Recreation & Hobbies. Websites focused on hobbies and recreational activities for enthusiasts and amateurs. This includes websites that provide information on associations, forums, and publications for these interests, such as outdoor activities, crafts, and collecting.
  • Reference & Research. Websites for personal, professional, and educational research. Websites in this category include online dictionaries, library catalogs, scientific information, and more.
  • Religion. Websites dedicated to religious subjects, practices, services, and houses of worship.
  • Search Engines. Websites that search the Internet for information, images, video content, and more based on provided keywords and phrases.
  • Self-Harm. Websites that promote, normalize, or glamorize the repetitive and deliberate ways to inflict harm to oneself. This category also contains websites that advocate or glorify suicide and promote methods for committing suicide.
  • Sex Education. Websites that contain information about reproduction, sexual development, sexual orientation, contraceptives, sexually transmitted diseases, and other topics related to sex.
  • Shareware & Freeware. Websites that offer free software, utilities, media, and other content for legal download.
  • Shopping. Websites that allow consumers to purchase goods and services from retailers or sellers.
  • Spam URLs. Websites or URLs from spam messages.
  • Sports. Websites that analyze, promote, or provide information about competitive sports or sports fans.
  • Spyware & Adware. Websites associated with vendors of spyware or adware. These websites may gather information about the user, display unsolicited advertising, and download unwanted software to the user's machine.
  • Streaming Websites. Websites that feature and transmit live or on-demand audio or video content over the Internet. This includes websites that sell, deliver, and stream content to users.
  • Training & Tools. Websites focused on developing or attaining a formal education or vocational skills. Websites in this category offer online courses, software training, and more.
  • Translation. Websites used for translation that allow users to see content or URL pages in other languages.
  • Travel. Websites related to travel, including booking a trip, travel agencies, reserving hotels, and more.
  • Virtual Community. Websites that promote social networking and have online communities where users interact and communicate with one another.
  • Weapons Related. Websites that promote and provide information on various types of weapons, such as knives and guns. This category includes websites that sell knives, guns, and firearm accessories. It also includes websites that provide instructions on making weapons for hand-to-hand combat or martial arts.
  • Web Advertisements. Websites that host advertisements to attract consumers and increase web traffic.