Sophos Central – Web Control Policy

What is Web Control?

Web control is an additional feature available in the following licenses:

  • Sophos Central Endpoint Protection Advanced.
  • Sophos Central End-user Protection.
  • Sophos Central Server Advanced Protection.

Note: Web Control is a feature of the Sophos Central Server Advanced license. A User license is also required for each individual that you allow to access the internet from the server, for example using Remote Desktop/ Terminal Services. This is in line with Sophos’ EULA which defines a User as an employee, consultant or other individuals who benefit from the Product.

What can you take advantage of it?

Web control is focused on giving the administrator control over web browsing with specific differences between User Policies and Server Policies:

User Policies

  • Block by category of the site
  • Block particular file types or specific websites
  • Prevent access to sites that increase the risk to the organization.
  • Help improve productivity and potentially limit bandwidth.
  • Policies for Web control can also be configured to apply to users only at certain times of the day if required.
  • Applies to the logged on User

Server Policies

  • Provides control of potentially inappropriate websites for acceptable use by site category.
  • Applies to any account that accesses the internet from the server.

How to block Website by category?

In this tutorial, I will block Streaming Media. Login to Sophos Central, go to Policy under Endpoint Protection, Add Web Control Policy.

Assign Users/Groups or both to assigned list.

Next, click on the Settings tab, enable Acceptable web usage > choose Let me specify… > Categories likely to cause excessive bandwidth usage, choose Let me specify… > Streaming Media > choose Block, you may block Peer to Peer or Phone Download also.

Scroll down to bottom you will see the option Apply this web control policy at set times only enable it. Then add appropriate Schedule time for your company.


Save the policy then try to test by accessing some Streaming Media, you will be prompt a blocked message from Sophos.

Note: There is no visible indication provide for HTTPS page interceptions. The browser will display messages such as Safari Can’t Open the Page or This webpage is not available.


How to exempt a website?

One way to exempt a website is to use tags. For example, if you wanted to allow the site:, that was previously blocked, you could do as follows:

  • Navigate to Global Settings then select Website Management.
  • Click Add.
  • Enter the address:
  • Create a new tag called Allow for HR.
  • Click Save.

  • The Website Management page should reflect the new entry.
  • In the Web control policy linked to the users that you wish to allow the site, under the section Control sites tagged in Website Management, you can add an choose to Allow the Allow

  • After saving the updated policy, within about 30 seconds the computer should now allow the site specified when it was previously blocked.

Note: It is also possible to override the category of a site in a similar way using the Website Management page.

0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments