Configure Web Access Control

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

In the Web Access Control settings of a workstations and servers settings profile, you can limit access to specific web content categories, and configure a list of URLs to allow and deny access to.

The Web Access Control feature does not support browsers with the HTTP/3 (QUIC) protocol. For more information, go to Disable the HTTP/3 (QUIC) Protocol.

Each computer on the network keeps a database of the URLs accessed from it. This database can only be accessed from the computer for a period of 30 days.

To configure web access control:

1. In WatchGuard Cloud, select Monitor > Endpoints.
2. Select Settings.
3. Select Workstations and Servers.
4. Select an existing security settings profile to edit, copy an existing profile, or in the upper-right corner of the window, click Add to create a new profile.
   The Add Settings or Edit Settings page opens.
5. Enter a Name and Description for the profile, if required.
1. Select Web Access Control.
2. Enable the Enable Web Access Control toggle.
3. To specify when you want to enable web access control:
   1. Select Enable Only During the Following Times.
   2. On the calendar, select the days and hours when you want to enable web access control.
      Click the day to select the whole day. Click and drag the squares to select multiple days and times. Click Clear to disable web access control for all of the times selected.




4. Select the categories you want to deny computers access to.



5. To Deny Access to Pages Characterized as Unknown, enable the toggle.
   Internal and intranet sites accessible on ports 80 and 8080 could be categorized as unknown. To avoid this, add exclusions for internal pages you want to allow.
6. To exclude sites from web access control and always allow access to them, in the Always allow access to the following addresses and domains text box, enter the URLs.
   Access is allowed to all addresses that start with the specified addresses and domains, even if the full URL is longer.
7. To always deny access to an IP address or domain, in the Deny access to the following addresses and domains text box, enter the IP address or domain.
   Access is denied to all addresses that start with the specified addresses and domains, even if the full URL is longer. You can use wildcard domains such as *.example.com.

6. Click Save.
7. Select the profile and assign recipients, if required.
   For more information, go to Assign a Settings Profile.

Domain Names Examples

You can add multiple similar domains to a list with a single domain entry. To do this, you add the part of the domain name that is common to all of the domains you want to add. For example, https://www.mydomain.com/test can represent these and additional domains:

• https://www.mydomain.com/test/test2.htm
• https://www.mydomain.com/testing.htm
• https://www.mydomain.com/test/test2/

The wildcard character (*) is not supported.

Related Topics

About Web Access Control Categories

Manage Settings Profiles