Help
SurfProtect Diagnostic tools
- 27 September 2024
- 7 December 2023
- Exa Support
SurfProtect Diagnostic tools
Introduction
Located in the customer tools section of the left hand navigation menu and accessible from any page within a SurfProtect location
Profile overview
This tool directly compares your settings across the current location, comparing all overriding profiles and the Default Profile to each other.
In the image below, we have the Comparison mode active, which aids you by highlighting differing settings. The mouse is on the External IP Profile column and Violence row – showing an Active status. The contrasting results (Inactive) are highlighted in red for you.
Application control
Application Controls are settings designed to allow or block access to specific applications, websites, and services, without needing to manually configure every necessary URL. Exa has curated a comprehensive list of essential URLs tied to each application or service, enabling streamlined control of your filtering.
These controls simplify the process of managing internet access by eliminating the need to individually track down all endpoints a service uses. With just a few toggles, you can either allow or block a full application or service.
SurfProtect’s Application Controls are set per user or group profile. This allows you to tailor access for different groups or users while maintaining tight control over the same SurfProtect Location.
The Application Controls feature is accessible on each profile’s policy page and can be found highlighted below:
Searching and filtering controls
When selecting edit on the App controls option you will see a list of all the applications that have been defined
The list can be navigated and filtered in two ways:
Group filter: This filter allows you to narrow down the list of Applications by category, such as ‘Games’, ‘Social Media’ or ‘Anti-virus & Security’. To reset the filter, simply choose the ‘Select a group’ option from the dropdown.
Search field: This function enables precise searches by Application name. The search supports partial matches, so typing ‘twi’ will return results like ‘Twitter’ or any other control with that keyword.
Application Control settings
Each Application Control can be in one of three states:
Disabled: The control is inactive and does not influence the filtering of related URLs.
Allow: This enables the pre-configured settings that allow the application or service to function. This could involve permitting URLs, bypassing TLS and authentication processes, allowing communication through non-standard ports and bypassing Captive Portal authentication.
While most controls are initially inactive, there may be some that Exa has designated to be in a specific state by default. Regardless of the initial state, each control can be adjusted to any of the above states using the corresponding dropdown menu.
List overview
The list overview section allows you to manage your existing lists, or create new ones. New lists can be created using the plus icon at the top of the relevant section.
As policy lists, such as Allowed URLs, are independent from Profiles and Locations, this page does not allow you to assign lists to profiles, to do that you will need to navigate to the profile itself.
Note: Changes to these lists will affect every profile using them. A notification should tell you which locations and profiles will be affected by the change.
Customer reclassification
The Customer Reclassification tool allows you to set your own URL classifications or update existing reclassifications you have already made.
For existing reclassifications, clicking on the edit (pencil) icon will allow you to change the classification for the chosen URL. Clicking the delete (bin) button will remove the reclassification.
To add a new URL classification, click on the plus icon. This will allow you to enter the URL you want to reclassify and the classification you want to give it.
To view the existing classification for a URL, you will need to use the Domain Classification tool.
To update a classification, click on the pencil button. This will allow you to select a new classification for that URL.
Domain classification
Accessible on any page, this pop-up allows you to enter a domain within the box to check what classification it has.
Domain Doctor
The SurfProtect Domain Doctor is a diagnostics tool allowing a URL to be passed to the SurfProtect service and check what filtering decision would be made and why that decision was reached.
From this point, you can update the selected SurfProtect Location and SurfProtect Profile. Once the correct Location and Profile are selected, enter the URL that you are seeing an issue with.
URL Data
Global settings: This represents the data that SurfProtect globally applies to this URL. The categories it has, whether TLS will be decrypted and whether it would be challenged for authentication.
Customer settings: Any overriding categories to URLs will be displayed here if any custom category have been applied, along with the ability to update it.
Decision Data
This is the decision response given by the SurfProtect, broken into two parts.
The first section covers the decision data itself:
- Whether the request has been rejected or permitted.
- Whether the request would have been decrypted, which may not match the global setting (Requests will always be decrypted if blocked, for example).
- Whether the request would have been challenged for authentication.
The second section covers what settings were matched against:
- The profile that was matched against.
- The setting that was matched against, be that the allowed, blocked, category lists, extensions, etc.
Resources Data
This table shows all the URLs on the page that was returned for the original URL, with an overview of the decisions for each.
Status: Whether the request was rejected or permitted
Host: The host portion of the URL
Path: The path portion of the URL
Matched setting: The setting the resource matched on, if applicable
Matched Value: The entry or specific setting that was matched, under the matched setting
Suggested Next Read
