About Time Policy

This release of Clearswift SECURE Web Gateway includes the following enhancements:

• Time Policy.
• Browsing Time Policy settings.
• Browse time quota bypass settings.
• Block Page Override for Web Policy Routes.

Time Policy

Time policy provides organizations with the flexibility of allowing employees the benefit of personal internet browsing, for example, shopping, web mail, social networking or gaming, and the assurance that this benefit is not being abused. This is achieved by monitoring the browsing activity of all employees and keeping the restricted browsing within reasonable time limits, and within defined period of the day, i.e. 1 hour during a 2 hour lunch period.

The following points describe the new capabilities relating to Time Policy and show how an organization can restrict the amount of time employees can spend browsing to ‘non-business’ sites:

• Web Policy Routes with a browsing time quota are indicated by the clock icon ( ) adjacent to the route.

• Each Web Policy Route can have its own unique browsing time quota defined.

The green area defines when access to this route, for example, shopping sites, is allowed with no time restrictions i.e. before 7am and after 5pm. Unlimited access to shopping sites would be permitted outside the normal working hours for those that either arrive early, or stay late.

The orange area defines a period of time between 11am and 2pm where access to this route, for example, shopping sites, is restricted to a maximum of 60 minutes browsing within the 4 hour period. Employees would be expected to take their lunch hour at sometime within this four hour period.

On Friday, the office closes early at 4:30pm rather than 5pm. To account for this earlier finish time the unrestricted period defined by the green area starts 30 minutes earlier and the lunch period defined by the blue area only allows for 30 minutes of lunchtime browsing within the four hour lunch period.

The schedules will allow all organizations to create schedules to suit their particular needs. Four time quotas can be defined, and each Web Policy Route can use its own schedule.

For further information, see the following:

• The Manage Policy Routes Page
• Creating or Editing a Policy Route
• Specifying the Default Action of a Route
• Specifying the Time Policy Schedule

Sites may require time quotas from more than one Web Policy Route.  For example, a site could be in the Web Mail category but redirect to another site in the Everywhere category and both sites have a Time Policy that may conflict. HTTP POST and HTTP CONNECT requests are included in the browse time but will never trigger a Block Page Override or Quota Warning page.

Browsing Time Policy settings

There are also three Global Web Policy parameters that can be set in relation to Time Policy:

• Time to read a page
  It is impossible for any system to perfectly calculate the time that an employee spends browsing and some assumptions must, therefore, be made. For example, an employee could request a URL and then leave their computer before the page is displayed. The Web Gateway will have received the request and delivered the page but cannot know whether, for example, the user reads the page, continues working on something else, or attends a meeting in another location. Therefore, some assumptions have to be made when calculating the browse time, and one of these assumptions is based on the value entered in this option, the time an employee takes to read a web page. By default, if the Web Gateway receives a request for a URL then 120 seconds will be added to the requesting employees total browse time unless another request is received prior to the 120 seconds passing. If another request is received then the time between the two requests will be considered as continuous browsing.
• Additional browsing time allowed after overriding a Block Page.
  If an employee has used up their browse time quota for shopping sites, for example, they can opt to override the block page and continue browsing for ‘business reasons’.
• The remaining browsing quota when the Quota Warning page will be displayed.
  If the employee is, for example, using a Shopping site, the warning will allow them to complete any purchases before the quota expires.

For further information, see Browsing Time Policy.

Browse time quota bypass settings

When calculating an employee’s browsing time it is also important to realize that any client applications that make URL requests on behalf of the employee, such as a task bar plug-in to check for new web mail, will use up the Browse Time Quota for that employee if the requested URL is part of a route with a Time Quota. If there are particular web requests that should be excluded from the browse time calculations, which can be identified by HTTP header or URL, then these can be excluded from the calculations.

For further information, see Adding a Quota Bypass.

RSS feeds will be included in the Browsing Time Quota which can result in the quota being used without browsing because the RSS reader checks the subscribed feeds regularly for new material. To exclude RSS feeds, you will need to add the URL of each RSS server to the URL Bypass list, as described in Adding a Quota Bypass.

Block Page Override for Web Policy Routes

Two additional time quota options are available, override and expiry warning:

• Block Page Override

The block page override allows an employee to override the block page that is displayed when their time limit has been reached and continue browsing.

For example, an employee may have used up their browse time quota for shopping sites and later on the same day they are researching competitive products on the web as part of their job function. This research may involve sites correctly classified as shopping but because the employee has used up their ‘shopping’ browse time quota they would not normally be able to access the site. However, if block page override has been configured on the route then the employee can opt to override the block page and continue browsing for ‘business reasons’.

A user is permitted an additional 10 minutes by default following a block page override. You can configure this time to up to 60 minutes using the Global Web Policy page. See Browsing Time Policy for more information.

• Expiry Warning

Expiry Warning warns an employee that the quota about to expire is optional and will allow them to complete any remaining transactions before the time expires.

The Block Page Override and Quota Warning pages which are displayed to the employee are editable and the text can be changed to reflect the Acceptable Usage Policy (AUP) being enforced.

The Block Page Override option can be added to any route not just those with a time schedule defined.

For further information, see the following:

• About End User & Block Pages
• Configuring the Quota Warning Page
• Configuring the Block Page Override Page

References to Web policy content will only be available when a Clearswift Web Gateway is added to the peer group.