Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » User can override URL rules (What does this really do?)
  •  
nhoague

Messages: 853
Karma: 18
Send a private message to this user
Hello all,

I hope someone can help make this a little more clear. I am trying to figure out what the difference is and how it impacts users on:

Users can override web content rules;
Users can unlock URL rules

I know how to config a url rule, and how it interacts with the user authentication. What I am confused with is how these two options in user config affect the user account.

For the following situations (A), the option to require user authentication is ENABLED in Domains and Authentication.

Situation 1A: both options are turned on:

When I try to access a blocked site, I do get the blocked message. I am able to login to the firewall and then I have the option to unlock the URL rule. This works. User is now able to access blocked site.

Situation 2A: user can override web content rule:

When I try to access a blocked site, I do get the blocked message. I am able to login to the firewall, but am still blocked. IMO, this should have the same effect as 1A, but without the need to unlock the rule. It should just override and continue.

Situation 3A: user can unlock URL rules:

When I try to access a blocked site, I do get the blocked message. I am able to login to the firewall, and then continue on to the site (assuming the behavior here is login and unlock simultanteously). If I am already logged in and then try to access a blocked site, I do have the unlock button, unless the URL rule has the unlock option disabled.

Situation 4A: both options are turned off:

User is blocked completely, this is good.

For the following situations (B), the option to require user authentication is DISABLED.

Situation 1B: both options are turned on:

When I try to access a blocked site, I do get the blocked message. I am able to login to the firewall and then I have the option to unlock the URL rule. This works. User is now able to access blocked site.

Situation 2B: user can override web content rule:

When I try to access a blocked site, I do get the blocked message. I am able to login to the firewall, but am still blocked. IMO, this should have the same effect as 1B, but without the need to unlock the rule. It should just override and continue.

Situation 3B: user can unlock URL rules:

When I try to access a blocked site, I do get the blocked message. I am able to login to the firewall, and then continue on to the site (assuming the behavior here is login and unlock simultanteously). Since requiring authentication is turned off, the user could not be already logged in.

Situation 4B: both options are turned off:

User is blocked completely, this is good.

So I guess after a very long post and alot of testing, the only confusing factor is: What does user can override URL rules really do? Seems the only option that really makes a difference is the unlock option, regardless of the status of the override url rule option.

Also, it seems that situations 1 & 3 are essentially the same, unless the user is already logged in.

Thoughts?
Previous Topic: DDNS Problem with Multiple DHCP Interfaces
Next Topic: Kerio block Apps on Facebook ??????
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Oct 18 14:57:17 CEST 2017

Total time taken to generate the page: 0.00391 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.