Description

Policies are where you can specify websites that are deemed allowed or blocked based on your business's policy. Allowed websites are considered safe and will not go through Conceal's decision engine or be put into isolation. Blocked websites will be blocked entirely. Policies are an optional step and can be added or removed at any time. Below we will outline how to add, edit, and delete a policy, and how to audit policy changes.

Procedure

1. Open your web browser and navigate to the Conceal Dashboard at https://dashboard.conceal.io - login if necessary.
2. On the left-hand side go to the Policy section, or you can go to https://dashboard.conceal.io/policy

3. If there are already policies in place you will see them here. The Allowed column represents if the website is Allowed or Blocked. A red X indicates he website is blocked, and a green checkmark indicates the website is allowed.

4. To add a new Policy click the button labeled New Website Policy

5. This will pop up a window for you to add the Policy. Put the website URL that you'd like to block in the Source field. In the Allow or Block dropdown box, select the appropriate action for the website. You can optionally add a description. 
   Note: You may use asterisks for wildcards to capture any subdomains. Placing an asterisk will tell the policy to ignore anything after the asterisk. If your policy is not working as intended, please try this method, for example CIDR notation doesn't always work. An example of using wildcards:
   https://websitehere:*
   This tells the policy that anything after the asterisk is to be ignored. Ex: https://websitehere:forward would also be included in this policy.
6. You can also test a URL to ensure it falls in the policy by entering a URL and clicking Test URL. For example, you can test the URL https://www.speedtest.net/apps to ensure that the policy https://www.speedtest.net/* will allow/block that URL. 
7. Save this change by clicking the button labeled Add Policy.
   
8. The change can take up to 5 minutes to take effect. Allowed websites should not be put into isolation and should behave as usual. Blocked websites will show a message letting the user know the site has been blocked.
   
   

Add a policy from the Intervention Report

1. In the Conceal dashboard, navigate to Reports on the left hand menu -> Interventions Report
2. On any intervention, scroll over to the right and click the Edit icon
3. This will populate the URL from the intervention selected and populate that URL in the Source field. You can also edit the policy to add syntax to capture subdomains. For more details, see steps above.

Add a policy from a feedback submission

1. In the Conceal dashboard, navigate to Feedback on the left hand menu
2. On any of the Feedback entries, click the 3 dots on the far right to open the menu. Then click Details.
3. This will show you details on the Feedback request and can help make and informed decision if you should enter a policy. To add a policy, can click on the bottom right of the dialog box Add Policy. This will automatically enter the policy and you will see that in the Policy section.
   **Note: Adding a policy here will include the exact URL that was on the Feedback request. Depending on the submission, you may need to edit the policy to capture all subdomains as well.

Manage Policies

1.  To edit a policy, click the blue pencil icon next to the appropriate policy. To delete a policy, click on the red trash can icon. Click the history icon to see audits on a policy. Go to step 2 for more information on auditing.
2. This will bring up an audit log for the specific policy which allows you to track who in your organization made changes to policies for better transparency and accountability.

*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.