
Rules Examples

The flexibility of the WinGate rules set allows many policy possibilities. You must decide what security policies you will implement based on your specific requirements. See the notes on Securing your network for details on security.

Example rules: actual policy data is in bold.

- Everyone can access the WWW Proxy, but they cannot request URL resources ending in .gif or .jpg.

- No one can post forms with the HTTP Method POST.

- No one can use SOCKS if they are using version 4 of the protocol.

- User bobby-sue can access the WWW proxy only from 192.168.0.2, on weekdays from 9 - 5, as long as he is using HTTP Method GET and his user account balance is greater than 0.

- User mary-bob can check her mail only from 192.168.0.3, on weekdays from 9 - 5, as long as she is checking her POP3 username account mary-bob on the server mail.host.com.

Example

You may want to allow access only to a certain site, e.g. www.cnn.com pages.

1. Open the WWW proxy properties

2. Select the Policies tab

3. Remove the default rights selection.

4. Double-click the recipient you wish to restrict, or add a new recipient and edit.

5. The Criterion is met if: option should be selected.

To allow only www.cnn.com, make a filter with a single request criterion of

"Server name equals www.cnn.com"

If you want to add more sites, add more filters with an appropriate criterion.

Three filters like this will allow any pages from these three sites, but nothing from any other sites. The requests tab looks like this:

[Screenshot: the Requests tab listing three filters, one each for CNN, Whitepages and Yellowpages]

This means the selected recipient has rights to access CNN or Whitepages or Yellowpages.

Note:

In the picture above, the name next to each book icon is arbitrary, but it is useful if it contains some descriptive information.
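
The allow-list above, modelled as an added Python example (not WinGate code): filters are alternatives, and a request that matches no filter is refused because the default rights were removed. The Whitepages and Yellowpages host names are constructed placeholders, and treating "equals" as an exact, case-insensitive match and requiring every criterion in a filter to hold are assumptions.

```python
from urllib.parse import urlsplit

# Filter name -> list of (field, operator, value) criteria.
# Assumption: all criteria in one filter must hold; the page only states
# that separate filters are alternatives (CNN or Whitepages or Yellowpages).
FILTERS = {
    "CNN": [("server", "equals", "www.cnn.com")],
    # Constructed placeholder hosts; the page gives only the site names.
    "Whitepages": [("server", "equals", "whitepages.example")],
    "Yellowpages": [("server", "equals", "yellowpages.example")],
}


def request_fields(method, url):
    """Extract the fields that criteria test from a proxy request."""
    parts = urlsplit(url)
    # .hostname drops port and userinfo and lower-cases; also drop a root dot.
    host = (parts.hostname or "").rstrip(".")
    return {"method": method, "server": host, "path": parts.path}


def criterion_met(fields, criterion):
    """Evaluate one criterion; comparisons are case-insensitive (assumed)."""
    field, op, value = criterion
    actual = fields.get(field, "").lower()
    if op == "equals":
        return actual == value.lower()
    if op == "ends with":
        return actual.endswith(value.lower())
    raise ValueError(f"unknown operator: {op}")


def matching_filter(method, url, filters=FILTERS):
    """Return the name of the first filter granting the request, else None."""
    fields = request_fields(method, url)
    for name, criteria in filters.items():
        if all(criterion_met(fields, c) for c in criteria):
            return name
    return None  # default rights removed: no matching filter, no access


if __name__ == "__main__":
    # Constructed sample requests.
    for url in ("http://www.cnn.com/index.html",
                "http://cnn.com/",
                "http://www.cnn.com.lookalike.example/",
                "http://yellowpages.example/search"):
        print(url, "->", matching_filter("GET", url) or "DENIED")
```

Under these assumptions the bare name cnn.com is refused, so each host name users need gets its own filter.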