Avanti Application Control empowers you to secure your network by controlling application access. This guide provides a clear, step-by-step walkthrough of whitelisting URLs using Avanti. Learn how to easily add specific websites to your approved list, enhancing security while maintaining user productivity. Master this crucial security function and confidently manage your organization's online access. Let's get started!
Step-by-Step Instructions
-
Block all websites and redirect
- Prevent access to all websites by using the asterisk wildcard (* or http*) in the URL field and set the action to 'redirect'. You can redirect to a custom site or use the default application control page.
Block all websites and redirect -
Add initial allowed URLs
- Add URLs to your whitelist. For example, add the URL for Office 365.
Add initial allowed URLs -
Test initial configuration
- Save the configuration and test in a browser. Verify that allowed sites are accessible, while others are redirected.
Test initial configuration -
Identify and address inline frames
- Address inline frames. If a website you've allowed still redirects, it's likely due to inline frames loading content from other URLs.
- Create a redirection rule to block all URLs, then allow the target website. Access the website in a browser; the Rules Analyzer will log URLs causing redirects.
- Stop logging and review the report. Identify URLs from inline frames causing the redirection.
Identify and address inline frames -
Add inline frame URLs to whitelist
- Add the identified URLs (including those from inline frames) to your whitelist with an 'allow' action.
Add inline frame URLs to whitelist -
Final test and verification
- Save the configuration and test again. Your website, including inline frames, should now be accessible.
Final test and verification
Tips
- Using the asterisk wildcard (*) provides a simple initial block for all URLs, making it easier to selectively allow specific websites later.
- The Application Control Rules Analyzer is crucial for identifying URLs within inline frames that might be causing unexpected redirects.
Common Mistakes to Avoid
1. Incorrect URL Formatting
Reason: Using incorrect syntax or wildcard characters incorrectly in the URL, leading to either no websites being allowed or unintended websites being blocked.
Solution: Ensure URLs are entered precisely as they appear in the browser address bar, using the correct wildcard characters (*) only where necessary for subdomains or paths.
2. Forgetting to Apply the Policy
Reason: After configuring the whitelist, failing to deploy or apply the policy to the managed devices, meaning the changes are not active.
Solution: Deploy the updated policy to the target devices or groups to activate the whitelist changes.
3. Overly Broad Wildcards
Reason: Using excessively broad wildcard characters, like *.*, allows access to unintended websites, compromising security.
Solution: Use specific and targeted wildcards, only including the necessary parts of the URL to minimize the risk of unintended access.
FAQs
What happens if I whitelist a URL that contains malware?
While whitelisting URLs improves security by restricting access, it's crucial to ensure the URLs are safe and legitimate. Whitelisting a malicious URL can still expose your system to threats. Regularly review your whitelisted URLs and use other security measures like anti-malware software.
Can I whitelist entire domains instead of individual URLs?
The ability to whitelist entire domains instead of specific URLs depends on the specific Avanti Application Control version and configuration. Check your Avanti documentation or contact support to determine if domain-level whitelisting is supported. If not, you'll need to whitelist individual URLs or potentially use wildcards if your version allows it.