iShield Policies enable network administrators to define granular access permissions for internet resources on a per-user, per-device, per-network, or per-captive-portal-session basis.
Policies are made up of a number of components that work together to allow or block traffic based on defined criteria.
Policy Components
URL Groups
RegEx
Blacklists
Web Rules
Time Conditions
Default Action
URL Groups are custom collections of domains or IP addresses.
These are referenced within policies and allow administrators to fine-tune access rules based on organisational requirements.
Create a URL Group
From the menu, select Policies
On the URL Groups tab, select Add URL Group
In the dialog box, domains can be:
Pasted as a predefined list, or
Entered manually
Specify a URL Group Name that clearly describes its purpose, as this name will be referenced when creating web rules.
Domain Matching & Wildcards
Domains can be entered using wildcards, allowing flexible matching without defining every possible subdomain or TLD.
Example:
*.whatsapp.*
Wildcards simplify URL Group creation and ensure all relevant domain variations are matched.
Once complete, click Add URL Group.
The newly created URL Group will now appear in the URL Groups list.
Repeat this process to create multiple URL groups as needed.
Time Conditions allow web rules to be applied only during specific days and times.
Create a Time Condition
From the menu, select Policies
Navigate to the Time Conditions tab and click Add Time Condition.
Time Condition Name: A unique identifier for the time condition.
Days of the week: Select the days on which the rule will apply.
Start Time: The time of day at which the rule starts to apply.
End Time: The time of day at which the rule stops applying.
Once configured, click Add Time Condition.
The Time Condition will now be available for use within web rules.
Policies combine URL Groups, Blacklists, and Time Conditions into enforceable rules that control internet access.
Create a Policy
From the menu, select Policies
Navigate to the Policies tab and click Create New Policy.
Enter a descriptive policy name, for example:
Guest
Staff
Students
Executives
Admin
Click Create New Policy to add it to the policy list.
Adding Web Rules to a Policy
To add a web rule to a policy and begin controlling access to internet resources, click Add Rule within the policy to which the rule should be applied.
In the Edit Web Rule dialog, select a URL Group or Blacklist from the available options.
Once a URL Group or Blacklist has been selected:
A Time Condition may be assigned (if configured).
The Action can be set to either Allow or Block.
When the rule configuration is complete, click Add Web Rule.
To make additional changes to an existing web rule, select the edit icon.
The web rule will be added to the policy and will take effect after the configuration changes are saved and applied using a reload.
Rule Execution Order
iShield policies evaluate web rules from top to bottom.
For this reason:
Rules higher in the list are evaluated first
Once a rule matches, no further rules are processed
As a general guideline, allow rules should be placed above block rules.
However, depending on the intended policy behavior, block rules may be positioned before allow rules where appropriate.
Example: Time-Based Social Media Blocking
In this example, a social media block rule is positioned at the bottom of the web rule list and is configured to apply during working hours.
Days of the week: Monday to Friday
Time of day: 08:00 – 17:00
Behavior:
Social media access is blocked during working hours
Outside of the configured time condition, traffic is evaluated by the next rule in the list
The next rule is the default rule, which is set to Allow
As a result:
Social media is allowed from 00:00 to 07:59
Social media is allowed from 17:01 to 23:59
Social media is allowed all day on Saturdays and Sundays, as these days are not included in the time condition
Always ensure that Save Changes is clicked at the bottom of the Policies page. This step is easy to overlook but is required before changes can be applied.
Once saved, apply the configuration by performing a reload.
Each policy includes a Default Rule, which determines how traffic is handled when no web rules match.
For more secure environments, it is recommended to:
Set the default rule to Block.
Explicitly define Allow rules only for required websites.
This approach ensures tighter control and reduces the risk of unintended access.
Important Rule Configuration Note
Combining URL Groups and Blacklists within a single web rule may not produce the expected results.
When both are selected in the same rule, iShield evaluates them using an AND condition. This means:
The rule will only match if a domain exists in both the URL Group and the Blacklist
To block the domains in a URL Group and the domains in the Social Media Blacklist outright, it is recommended to:
Create separate web rules for URL Groups and Blacklists.
Avoid combining them into a single rule.
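The following Python model is an added example, not iShield code. It reproduces the behaviour described above: top-to-bottom first-match evaluation, time conditions, the default rule, and the AND condition when a URL Group and a Blacklist share one rule. The class names, the sample domains, exact-match lists (wildcards are not modelled) and the inclusive time bounds are assumptions chosen to match the 08:00 to 17:00 example.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass
class TimeCondition:
    days: frozenset          # weekday numbers, Monday=0
    start: time
    end: time

    def active(self, when: datetime) -> bool:
        # Assumption: inclusive bounds, so 17:00 is still covered and
        # access returns at 17:01, as in the page's example.
        t = when.time().replace(second=0, microsecond=0)
        return when.weekday() in self.days and self.start <= t <= self.end

@dataclass
class WebRule:
    action: str                        # "Allow" or "Block"
    url_group: frozenset = None
    blacklist: frozenset = None
    time_condition: TimeCondition = None

    def matches(self, domain: str, when: datetime) -> bool:
        if self.time_condition and not self.time_condition.active(when):
            return False
        # AND condition: every list selected in the rule must contain the domain.
        selected = [s for s in (self.url_group, self.blacklist) if s is not None]
        return bool(selected) and all(domain in s for s in selected)

def evaluate(rules, default_action, domain, when):
    for rule in rules:                 # top to bottom; the first match wins
        if rule.matches(domain, when):
            return rule.action
    return default_action              # default rule: no web rule matched

# Constructed sample data (hypothetical domains and group contents).
WORK_HOURS = TimeCondition(frozenset(range(5)), time(8, 0), time(17, 0))
SOCIAL_BLACKLIST = frozenset({"facebook.example", "chat.example"})
CUSTOM_GROUP = frozenset({"chat.example", "video.example"})

# One rule with both lists selected: matches only domains present in both.
COMBINED = [WebRule("Block", CUSTOM_GROUP, SOCIAL_BLACKLIST, WORK_HOURS)]
# Separate rules: a domain in either list is blocked.
SEPARATE = [WebRule("Block", url_group=CUSTOM_GROUP, time_condition=WORK_HOURS),
            WebRule("Block", blacklist=SOCIAL_BLACKLIST, time_condition=WORK_HOURS)]
```

With the combined rule, video.example is in the URL Group but not in the Blacklist, so it falls through to the default rule; with separate rules it is blocked during working hours.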