Web profile override

You can use the following profile override methods:

  • Administrative override
  • Allow users to override blocked categories

Administrative override

Administrators can grant temporary access to sites that are otherwise blocked by a web filter profile. You can grant temporary access to a user, user group, or source IP address. You can set the time limit by selecting a date and time. The default is 15 minutes.

When the administrative web profile override is enabled, a blocked access page or replacement message does not appear, and authentication is not required.

Scope range

You can choose one of the following scope ranges:

  • User: authentication for permission to override is based on whether or not the user is using a specific user account.
  • User group: authentication for permission to override is based on whether or not the user account supplied as a credential is a member of the specified user group.
  • Source IP: authentication for permission to override is based on the IP address of the computer that was used to authenticate. This would be used for computers that have multiple users. For example, if a user logs on to the computer, engages the override by using their credentials, and then logs off, anyone who logs on with an account on that computer would be using the alternate override web filter profile.
    Note

    When you enter an IP address in the administrative override method, only individual IP addresses are allowed.

Differences between IP and identity-based scope

Using the IP scope does not require using an identity-based policy.

When using the administrative override method and IP scope, you might not see a warning message when you change from using the original web filter profile to using the alternate profile. There is no requirement for credentials from the user so, if allowed, the page will just appear in the browser.

Configuring a web profile administrative override

This example describes how to override the webfilter profile with the webfilter_new profile.

To configure web profile administrative override using the GUI:
  1. Go to Security Profiles > Web Profile Overrides and click Create New.
  2. Configure the administrative override:
    1. For Scope Range, click Source IP.
    2. In the Source IP field, enter the IP address for the client computer (10.1.100.11 in this example).
    3. In the Original profile dropdown, select webfilter.
    4. In the New profile dropdown, select webfilter_new.

      In the Expires field, the default 15 minutes appears, which is the desired duration for this example.

  3. Click OK.
To configure web profile administrative override using the CLI: