Starter content security policy

Secure ICAP Gateway includes an initial content security policy as a starting point for creating your own corporate policy.

The starter content security policy contains basic policy routes, content rules, and policy references already applied.

 

The starter content security policy is designed to provide a template which can be adapted to suit the specific requirements of your organization.

We recommend customizing the starter content security policy as soon as possible. This will help your organization enhance its system performance and reduce potential false positives.

The protection that the starter policy provides

The starter content security policy includes a number of web policy routes. Each route specifies two endpoints and a default action for traffic matched by the policy. Some routes also contain content rules.

Web policy route Default action Applied content rules
Everyone to Trusted sites Allow the communication -
Everyone to Security Risk Block the communication

  1. Block Virus

  2. Block Encrypted Data

  3. Block Spyware Call Home

  4. Block Tracking Cookie

  5. Block Executables including ActiveX

  6. Block uploading of Profanity

  7. Detect Malformed Data - Web

  8. Processing of request or response fails (Global)
Everyone to Inappropriate Sites Block the communication

  1. Block Virus

  2. Block Encrypted Data

  3. Block Spyware Call Home

  4. Block Tracking Cookie

  5. Block Executables including ActiveX

  6. Block uploading of Profanity

  7. Detect Malformed Data - Web

  8. Processing of request or response fails (Global)
Everyone to Chat & Instant Messaging Allow the communication

  1. Block Virus

  2. Block Encrypted Data

  3. Block Spyware Call Home

  4. Block Tracking Cookie

  5. Block Executables including ActiveX

  6. Block uploading of Profanity

  7. Detect Malformed Data - Web

  8. Processing of request or response fails (Global)
Everyone to Web Mail & Chat Allow the communication

  1. Block Virus

  2. Block Encrypted Data

  3. Block Spyware Call Home

  4. Block Tracking Cookie

  5. Block Executables including ActiveX

  6. Block uploading of Profanity

  7. Detect Malformed Data - Web

  8. Processing of request or response fails (Global)
Traffic that does not match another route Allow the communication

  1. Block Virus

  2. Block Encrypted Data

  3. Block Spyware Call Home

  4. Block Tracking Cookie

  5. Block Executables including ActiveX

  6. Block uploading of Profanity

  7. Detect Malformed Data - Web

  8. Processing of request or response fails (Global)
  You must ensure you have at least one anti-virus scanner installed and enabled for the security policy to detect viruses.

View the default lexical expression lists

To find out what terms are contained in the lexical expression lists, such as Confidential Material or PCI terms lists, navigate to Policy > Policy References > Lexical Expressions. The Lexical Expression Lists tab displays the currently available lexical expression lists.

See also...