> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cystack.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Web Access Control

> Control website access according to enterprise policies

## Web Access Control

<Card>
  **Use Cases:**

  * Block access to social media or entertainment sites during business hours to help employees stay focused.
  * Restrict access to sensitive internal portals to authorized personnel only, prevent unauthorized access to internal resources.
</Card>

### Block Websites by Category

The solution provides predefined categories, enabling administrators to quickly configure blocking rules for common website types. To restrict employee access to websites within specific categories, follow these steps:

<Steps>
  <Step title={<>Navigate to "Endpoint" {'\u2192'} "Prevention" {'\u2192'} "Websites".</>} />

  <Step title={<>Enable the policy corresponding to the target category, e.g., <code>Social networks</code>.</>} />

  <Step title={<>In the popup window, select the devices to apply the policy to and define the specific schedule for the restriction.</>} />

  <Step title="Save the policy:">
    Once saved, the selected devices will be denied access to any websites falling under the selected category.

    <img src="https://mintcdn.com/cystack/VpRN_kk1rAZUN_De/images/endpoint/en-web-category-block.png?fit=max&auto=format&n=VpRN_kk1rAZUN_De&q=85&s=1e2ad6dabe8ba439ca29b0abf9f35282" alt="web-category-block.png" width="1590" height="890" data-path="images/endpoint/en-web-category-block.png" />
  </Step>
</Steps>

### Allow or Block Specific Websites

In addition to category-based filtering, administrators can explicitly block or allow access to specific domains. For example:

* Grant specific Marketing staff access to TikTok for brand development, while blocking social media access for the rest of the organization.

To create a custom policy, perform the following steps:

<Steps>
  <Step title={<>In the Custom websites tab, click the <code>Add web policy</code> button.</>} />

  <Step title={<>Select the action <code>Block</code> or <code>Allow</code>, enter the target domain name, and select the applicable devices.</>}>
    <img src="https://mintcdn.com/cystack/NwFcT4Q52zfPNCn3/images/endpoint/en-custom-web-policy.png?fit=max&auto=format&n=NwFcT4Q52zfPNCn3&q=85&s=1b58ecd5f8cc26455a9e58a453eb7586" alt="custom-web-policy.png" width="607" height="583" data-path="images/endpoint/en-custom-web-policy.png" />
  </Step>

  <Step title="After creation, you can arrange the priority order of the policies. The lower the number, the higher the priority.">
    **Example:**

    * Device <code>ping-PC</code> with the tag <Badge color="blue">Dev</Badge> has a "Block facebook.com" policy with a priority of 2.
    * However, the same <code>ping-PC</code> device also has the tag <Badge color="orange">Lead</Badge>, which has an "Allow facebook.com" policy with a priority of 1.
      {'\u2192'} The <code>ping-PC</code> device will be **allowed** to access facebook.com.
  </Step>
</Steps>
