Difference between revisions of "Cookie filter"
en>Santosh.thorat |
(10 intermediate revisions by 2 users not shown) | |||
Line 165: | Line 165: | ||
| style="width: 340px" | | | style="width: 340px" | | ||
|} | |} | ||
=== Example === | |||
'''Rule#1''' | |||
I want to allow cookie filtering for connections with profile “COOKIE ALLOW”. | |||
Users who require access to log in webpages and personal account need cookie access. | |||
We can use cookie -> Allow sub section to allow Cookies | |||
[[File:Slide1-cookieAllow.png|left]] | |||
'''Rule#2''' | |||
I want to allow cookie for domain safesquid.com | |||
Despite the deny rule, connections to domain safesquid.com will not drop cookie | |||
This can be used in a situation where login is required for mission critical application. | |||
[[File:Slide2-cookieAllow.png|left]] | |||
== Deny == | == Deny == | ||
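Review bot: Rule#1 of the added Allow example says "allow cookie filtering" for profile “COOKIE ALLOW”, but the two sentences after it are about giving those users cookie access, so it should read "allow cookies". In Rule#2, "Despite the deny rule" does not say which rule is meant; name it, and end the first two sentences with full stops so they do not run together when rendered. Both added File: links use only the "left" option and carry no caption or alt text.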
Line 273: | Line 289: | ||
[[Category:Configuration]] | [[Category:Configuration]] | ||
=== Example === | |||
'''Rule#1''' | |||
Default rule for dropping cookies used by SafeSquid. | |||
Connections with profile "READ ONLY" will ensure users are unable to login. | |||
Cookie sent in both directions are dropped. | |||
[[File:Slide1-cookieDrop.png|left]] | |||
'''Rule#2''' | |||
Connections with profile “DROP COOKIES FOR GOOGLE” will drop all cookies for domain google.com. | |||
Cookies will be dropped for both incoming and outgoing requests. | |||
[[File:Slide2-cookieDrop.png|left]] |
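Review bot: the new "=== Example ===" section is added after the [[Category:Configuration]] line, so check that the category link still sits where the page intends once the section is in place. In Rule#1, "Default rule for dropping cookies used by SafeSquid" can be read as dropping SafeSquid's own cookies; "Default SafeSquid rule for dropping cookies" avoids that, and "Cookie sent in both directions are dropped" should be "Cookies". Rule#2 says "incoming and outgoing requests", while Rule#1 speaks of cookies sent in both directions; use one wording for both rules.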
Latest revision as of 13:48, 5 January 2023
Overview
Cookie Filter lets you choose the hosts (websites) with which browsers are allowed to send and receive cookies.
An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie) is a small piece of data sent from a website and stored in the user's web browser while the user is browsing.
You can control the cookie exchange precisely, between remote websites and users.
You can manage the user privacy (Username & Preferences).
You can also prevent users from logging in to their personal accounts.
Example : You can block cookies from advertising websites like tribalfusion.com and doubleclick.net to prevent private information from being transferred to them.
Users can still query search engines (Google, Yahoo), but they cannot log in to their personal accounts (Gmail, shopping websites, trading websites).
Enabling Cookie filter section on SafeSquid User Interface
Access SafeSquid interface
Go to configure page
Global
Enabled
Enable or Disable cookie filtering section.
Policy
Select the default action to take, when no matching entry for a requested cookie is found.
Allow
When the Policy is Deny, rules defined under this sub-section, are exclusively allowed access.
Here you can add a new allow entry, that would explicitly result in acceptance or allowance of cookie transfer to all or specific set of conditions.
This effectively allows you to set a variety of intelligently and creatively defined Cookie Transfer whitelist(s).
Enabled
Enable or Disable this entry
Comment
For documentation, and future references, explain the relevance of this entry with your policies.
Profiles
Specify the Profiles applicable for this entry.
This entry will be applicable only if the connection has any one of the specified profiles.
Leave it Blank, to apply for all connections irrespective of any applied profile.
To avoid application to a connection that has a profile, use negated profile (!profile).
Expiry year range
Mention the cookie expiry year range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 2016-2017, here cookie will expire after year 2017.
Expiry month range
Select cookie expiry month range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : January – March, here cookie expires after March.
Expiry day range
The cookie expiry day range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 1-20, here cookie will expire after 20th day.
Expiry weekday range
The cookie expiry weekday ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : Monday – Friday, here cookie will expire after Friday.
Expiry hour range
The cookie expiry hour ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 1-10, Here cookie will expire after 10 AM.
Expiry minute range
The cookie expiry minute range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 15-30, Here cookie will expire after 10:30 AM.
In the above example, Hours are included from Hour range.
Domain
Here you can mention the domain (website) names by separating with pipe (|) which you want to allow or deny. You can use regular expression to match the domains.
Example : safesquid.com|google.com
Path
A regular expression matching the cookie's path attribute.
Direction
The direction of the cookie this entry applies to; can be either in (Set-cookie sent by website), out (Cookie sent by browser), or both.
Time match mode
Select the appropriate mode to match the multiple time ranges.
Example
Rule#1
I want to allow cookie filtering for connections with profile “COOKIE ALLOW”. Users who need to log in to web pages and personal accounts need cookie access. We can use the Cookie -> Allow sub-section to allow cookies.
Rule#2
I want to allow cookies for the domain safesquid.com. Despite the deny rule, connections to the domain safesquid.com will not drop cookies. This can be used in a situation where login is required for a mission-critical application.
Deny
When the Policy is Allow, rules defined under this sub-section, are exclusively denied access.
Here, you can add rules under Deny that would explicitly result in blocking or denial of cookie transfer to all or specific set of conditions.
This effectively allows you to set a variety of intelligently and creatively defined Cookie Transfer Blacklist(s).
Enabled
Enable or Disable this entry
- TRUE : Enable this entry.
- FALSE : Disable this entry.
Comment
For documentation, and future references, explain the relevance of this entry with your policies.
Profiles
Specify the Profiles applicable for this entry.
This entry will be applicable only if the connection has any one of the specified profiles.
Leave it Blank, to apply for all connections irrespective of any applied profile.
To avoid application to a connection that has a profile, use negated profile (!profile).
Expiry year range
Mention the cookie expiry year range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 2016-2017, here cookie will expire after year 2017.
Expiry month range
Select cookie expiry month range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : January – March, here cookie expires after March.
Expiry day range
The cookie expiry day range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 1-20, here cookie will expire after 20th day.
Expiry weekday range
The cookie expiry weekday ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : Monday – Friday, here cookie will expire after Friday.
Expiry hour range
The cookie expiry hour ranges this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 1-10, Here cookie will expire after 10 AM.
Expiry minute range
The cookie expiry minute range this entry applies to.
The cookie from a particular host (website), will be expired after this range.
Example : 15-30, Here cookie will expire after 10:30 AM.
In the above example, Hours are included from Hour range.
Domain
Here you can mention the domain (website) names by separating with pipe (|) which you want to allow or deny. You can use regular expression to match the domains.
Example : safesquid.com|google.com
Path
A regular expression matching the cookie's path attribute.
Direction
The direction of the cookie this entry applies to; can be either in (Set-cookie sent by website), out (Cookie sent by browser), or both.
- IN : For Inbound Connections only. That is, only for the cookies sent by the hosts (websites).
- OUT : For Outbound Connections only. That is, only for the cookies sent by the browser.
- BOTH : For Both Inbound and Outbound connections. For cookies sent by the websites as well as cookies sent by the browser.
Time match mode
Select the appropriate mode to match the multiple time ranges.
- ABSOLUTETIME :
When the absolute time match mode is used, any time between the starting and ending time will match.
Example: Weekday range specified is Monday to Friday and Hour Range is 9 to 17.
The Absolute match mode will match any time starting Monday, 9 AM and ending Friday, 17:00.
So it will be active from Monday 9 AM to Friday 5 PM.
- ALLRANGES :
With the all ranges time match mode, however, a time within all of the ranges will match.
Example: Weekday range specified is Monday to Friday and Hour Range is 9 to 17.
All ranges will match any time between 9 AM and 17:00, on all weekdays from Monday to Friday.
So it will be active every day from Monday to Friday between 9 AM and 5 PM.
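The difference between the two time match modes, worked through for the Monday to Friday, 9 to 17 example above. This is an added Python sketch, not SafeSquid code; the function names and sample timestamps are constructed, and it assumes the end hour is exclusive and that ranges do not wrap around the week.

```python
from datetime import datetime

WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday",
            "Friday", "Saturday", "Sunday"]

def all_ranges(ts, day_from, day_to, hour_from, hour_to):
    """ALLRANGES: the weekday and the hour must each be inside their own range."""
    day_ok = WEEKDAYS.index(day_from) <= ts.weekday() <= WEEKDAYS.index(day_to)
    hour_ok = hour_from <= ts.hour < hour_to  # assumption: end hour is exclusive
    return day_ok and hour_ok

def absolute_time(ts, day_from, day_to, hour_from, hour_to):
    """ABSOLUTETIME: one continuous window from (day_from, hour_from)
    to (day_to, hour_to), measured in hours since Monday 00:00."""
    start = WEEKDAYS.index(day_from) * 24 + hour_from
    end = WEEKDAYS.index(day_to) * 24 + hour_to
    now = ts.weekday() * 24 + ts.hour + ts.minute / 60
    return start <= now < end

# Constructed sample times; 2 January 2023 is a Monday.
SAMPLES = {
    "Mon 08:00": datetime(2023, 1, 2, 8, 0),
    "Wed 03:00": datetime(2023, 1, 4, 3, 0),
    "Wed 10:00": datetime(2023, 1, 4, 10, 0),
    "Thu 22:30": datetime(2023, 1, 5, 22, 30),
    "Fri 18:00": datetime(2023, 1, 6, 18, 0),
    "Sat 10:00": datetime(2023, 1, 7, 10, 0),
}

def compare(day_from="Monday", day_to="Friday", hour_from=9, hour_to=17):
    """Return {label: (ABSOLUTETIME result, ALLRANGES result)} for SAMPLES."""
    args = (day_from, day_to, hour_from, hour_to)
    return {label: (absolute_time(ts, *args), all_ranges(ts, *args))
            for label, ts in SAMPLES.items()}

if __name__ == "__main__":
    for label, (absolute, ranges) in compare().items():
        print(f"{label}  ABSOLUTETIME={absolute}  ALLRANGES={ranges}")
```

Under ABSOLUTETIME the entry is also active overnight between Monday and Friday, so an entry meant to apply only during office hours needs ALLRANGES.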
Example
Rule#1
Default rule for dropping cookies used by SafeSquid.
Connections with profile "READ ONLY" will ensure users are unable to login.
Cookies sent in both directions are dropped.
Rule#2
Connections with profile “DROP COOKIES FOR GOOGLE” will drop all cookies for domain google.com.
Cookies will be dropped for both incoming and outgoing requests.
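The Policy, Profiles, Domain and Direction fields described in the Allow and Deny sections, modelled in Python as an added example that is not SafeSquid code. The class, function and rule names are hypothetical, and the page does not say how SafeSquid combines negated profiles or anchors the Domain pattern, so both are assumptions marked in the comments.

```python
import re
from dataclasses import dataclass

@dataclass
class Entry:
    domain: str = ""         # regex, alternatives separated by "|"; empty = any host
    profiles: tuple = ()     # empty = every connection; "!NAME" = negated profile
    direction: str = "both"  # "in" (Set-Cookie), "out" (Cookie) or "both"
    enabled: bool = True

def entry_matches(entry, host, direction, conn_profiles):
    if not entry.enabled or entry.direction not in ("both", direction):
        return False
    wanted = [p for p in entry.profiles if not p.startswith("!")]
    barred = [p[1:] for p in entry.profiles if p.startswith("!")]
    # Assumption: a negated profile on the connection always excludes the entry.
    if any(p in conn_profiles for p in barred):
        return False
    if wanted and not any(p in conn_profiles for p in wanted):
        return False
    # Assumption: unanchored, case-insensitive regex search on the host name.
    return not entry.domain or re.search(entry.domain, host, re.I) is not None

def decide(policy, allow, deny, host, direction, conn_profiles=()):
    """Return "allow" or "drop" for one cookie header."""
    if policy == "deny":  # Allow entries are the only exceptions to the default
        hit = any(entry_matches(e, host, direction, conn_profiles) for e in allow)
        return "allow" if hit else "drop"
    hit = any(entry_matches(e, host, direction, conn_profiles) for e in deny)
    return "drop" if hit else "allow"

# Constructed rules modelled on the page's examples.
DENY_GOOGLE = [Entry(domain="google.com", profiles=("DROP COOKIES FOR GOOGLE",))]
ALLOW_LOOSE = [Entry(domain="safesquid.com|google.com")]  # pattern as on the page
ALLOW_TIGHT = [Entry(domain=r"^(.+\.)?(safesquid\.com|google\.com)$")]

if __name__ == "__main__":
    tagged = ("DROP COOKIES FOR GOOGLE",)
    print(decide("allow", [], DENY_GOOGLE, "www.google.com", "in", tagged))
    print(decide("allow", [], DENY_GOOGLE, "www.google.com", "in"))
    # Constructed look-alike host: matched by the loose pattern only.
    print(decide("deny", ALLOW_LOOSE, [], "notgoogle.com.example", "out"))
    print(decide("deny", ALLOW_TIGHT, [], "notgoogle.com.example", "out"))
```

If the Domain pattern is searched unanchored, as assumed here, escaping the dots and anchoring both ends keeps an allow entry from covering look-alike host names; check the behaviour against your own SafeSquid instance.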