The Configuration > Global Policy > Data Leakage Prevention page allows appliance
administrators to enable or disable posting capabilities for their users on select webmail sites,
and on sites categorized as Blogs & Forums.
When your users attempt to send a webmail message or post a message to a blog, and you have
data leakage prevention enabled, they could very likely see an error message generated by the
webmail or blogging site rather than a notification page from the Web Appliance itself.
■
To manage Webmail control:
a) Click On to the right of Webmail control to prevent your users from sending webmail on
the listed sites.
This feature applies to the following webmail sites: Google Mail (Gmail), Yahoo! Mail,
Windows Live Hotmail, and AOL Mail.
Note: Google Mail (Gmail) uses HTTPS for all connections.Therefore, Webmail control
for Gmail will function only with HTTPS scanning turned on. (See also: Configuring HTTPS
Scanning on page 105 and Default HTTPS access for Gmail)
b) Click Off to the right of Webmail control to allow your users to send webmail on the listed
sites.
■
To manage Blog control:
a) Click On to the right of Blog control to prevent your users from posting on sites categorized
as Blogs & Forums.
b) Click Off to the right of Blog control to allow your users to post on sites categorized as
Blogs & Forums.
Related concepts
Appliance Features Not Supported by Endpoint Web Control on page 54
4.3.5 Configuring HTTPS Scanning
Note: HTTPS scanning is not supported for Endpoint Web Control.
To provide secure sessions between your users and commercial or banking sites, HTTPS encrypts
web content between the website server and the user’s browser. While the traffic between the
two is encrypted during an HTTPS session, the content that is delivered is just as likely to be
infected with viruses or other malware as content from non-encrypted sites.To scan encrypted
content, it must first be decrypted, then scanned, then re-encrypted for delivery to the requesting
end user’s browser.
Doing this maintains the privacy of the encrypted content, as the process is done automatically
without human eyes viewing the content. However, because the traffic has been decrypted, the
original site certificate cannot be used by the browser to authenticate the connection, so the
original certificate is replaced by one generated automatically on the appliance using a
Sophos-generated certificate authority. This replaces the original certificate, which requires that
you download and install the Sophos-generated certificate authority into your users’ browsers,
which can be done as a centralized system administration operation using Active Directory Group
Policy Objects.
Sophos Web Appliance | Configuration | 105
To Next Page
Loading...
Need help?
General
