KB Article | Forcepoint Support

Problem Description

If a website is listed in 2 categories, one Blocked Access and Do Not Block, what happens to the request?


The request is blocked. To understand fully the exceptions to this rule, you need to review the Allow Access, Do Not Block, and Block Access actions. For your convenience, the definitions follow below.
Each category has an action assigned to it. This is the action Cloud Web Security takes in response to a user's Internet request. The action applies to all users of this policy unless exceptions are configured.
The available actions are:
  • Allow access
Allow access means that any website within the category is always accessible, regardless of whether it exists in another category that has the Block access action.
  • Do not block
If you do not want websites to be blocked, select Do not block. This ensures that the site is not blocked under this rule, but if it also exists in another category that has an action of Block access, it is blocked under that category.
  • Block access
This blocks access to websites in this category unless they exist in another category with a filtering action of Allow access. If the website exists in another category with the action Do not block, it is blocked under this category.

Filtering action order:

  1. Cloud Web Security applies filtering actions in the following order:
  2. Security category blocking
  3. Application control blocking, File extension blocking, File type blocking, File Size blocking
  4. Standard or custom Web categories: Allow access
  5. Standard or custom Web categories: Require user authentication
  6. Standard or custom Web categories: Confirm
  7. Standard or custom Web categories: Quota
  8. Standard or custom Web categories: Block access
  9. Standard or custom Web categories: Do not block 
For full details, see Policy enforcement actions.

When a per-time, per-user, or per-group exception also exists, it applies actions in this order:

  1. Per-time
  2. Per-user
  3. Per-group
  4. Default

Within each of these, Cloud Web Security uses the same order as the default.

Keywords: allow access; block access; do no block; block action; filtering precedence; quota; confirm; require user authentication; file type blocking; file extension blocking; file size blocking; user access issue; users incorrectly blocked

Article Feedback

Thank you for the feedback and comments.