Web access control

With this protection, you can limit access to specific web content categories and individual URLs to optimize network bandwidth and increase business productivity.

To enable or disable it, click the Enable Web access control toggle.

Limitations with HTTP/3 (QUIC) protocol

Because the security software does not inspect the HTTP/3 (QUIC) protocol, the web access control feature does not support browsers with that protocol.

To resolve this issue, use one of these options:

Add a filter rule from the Panda Adaptive Defense 360 console to block traffic on port 80, port 8080, and port 443

This procedure is effective on Windows devices only.

  • From the top menu, select Settings. From the side menu, select Workstations and servers. A page opens that shows all settings profiles created so far.

  • Select an existing security settings profile to edit, or in the upper-right corner of the page, click Add to create a new profile. The Add settings or Edit settings page opens.

  • Select the Firewall (Windows computers) section. The settings associated with the firewall appear.

  • Click Enable the firewall (if it is disabled).

  • In Connection rules, click the icon to create a new filter rule.

  • In the Name and Description fields, enter a name for the filter rule and a description (optional).

  • In the Action field, select Deny.

  • In the Direction field, select Outbound.

  • In the Zone field, select the type of network for which you want to apply the block rule on the user computer. See Network types.

  • In the Protocol field, select UDP.

  • In the Remote ports field, select Custom. A new field appears.

  • In the Custom field, add port 80, port 8080, and port 443 separated by a comma.

  • Click OK. Click Save. The settings profile is saved and automatically sent to all computers that have it assigned.

After the firewall rule is applied to the computers on the network, the user browser cannot send requests that use the UDP protocol on port 80, 8080, or 443. This forces the browser to send its requests with the TCP protocol on port 80, which corresponds to HTTP/2.

For more information about how to create firewall rules in Panda Adaptive Defense 360, see Connection rules.

Disable HTTP/3 (QUIC) protocol in browsers on user devices

Browser settings can vary for different versions.

  • Google Chrome

    • In the browser address bar, type chrome://flags.

    • Disable the Experimental QUIC protocol option.

  • Microsoft Edge

    • In the browser address bar, type edge://flags/.

    • Disable the Experimental QUIC protocol option.

  • Mozilla Firefox

    • In the browser address bar, type about:config.

    • Disable the network.http.http3.enabled option.

  • Opera

    • In the browser address bar, type opera://flags/#enable-quic.

    • From the Experimental QUIC protocol drop-down menu, select Disabled.

Configuring time periods for the web access control feature

This option enables you to limit access to certain website categories and denied sites during business hours and authorize it during non-business hours and weekends.

To configure Internet access time limits, select the Enable only during the following times option.

Specify when you want to enable web access control. On the calendar, select the days and hours when you want to enable it.

  • Click the day to select the whole day.

  • Click and drag the squares to select multiple days and times.

  • To select every day of the month, click the Select all button.

  • Click Clear to disable web access control for all of the times selected.

Denying access to specific web pages

Panda Adaptive Defense 360 groups the web pages it classifies into 160 content categories. To deny access to a certain type of web content category, select it from the list.

If a user visits a web page that belongs to one of the forbidden categories, a warning page appears that indicates that access is denied and the reason.

Denying access to pages categorized as unknown

To deny access to pages characterized as unknown, enable the Deny access to pages categorized as unknown toggle.

Internal and intranet sites accessible on ports 80 and 8080 could be categorized as unknown. To avoid this, add exclusions for internal pages you want to allow.

List of allowed/denied addresses and domains

You can set a list of pages that are always allowed (allowlist) or blocked (blocklist), regardless of the category that they belong to:

  • In the text box, enter the URL of the relevant IP address or domain.

  • Click Add.

  • Use the Delete and Clear buttons to edit the list according to your needs.

  • Click OK to save the settings.

To add multiple similar domains to a list without having to specify each domain separately, you can add the part of the domain names that is common to all of them. The wildcard character (*) is not supported.

For example, https://www.mydomain.com/test represents these domains (among others):

  • https://www.mydomain.com/test/test2.htm

  • https://www.mydomain.com/testing.htm

  • https://www.mydomain.com/test/test2/

Database of URLs accessed from computers

Each computer on the network keeps a database of the URLs accessed from it. This database is located in:

%programdata%\Panda Security\Security Protection\urlcounters.dg

This database is in SQLite3 format and can only be accessed from the computer for a period of 30 days.

The data stored is this:

  • User ID.

  • Protocol (HTTP or HTTPS).

  • Domain.

  • URL

  • Returned category.

  • Action (Allow/Deny).

  • Date accessed.

  • Access count (by category and domain).