How to restrict access by browser

Overview

This guide explains how to block the use of certificates in individual browsers when a policy grants access to all applications. It's intended for administrators who manage access policies.

warning

By default, Redtrust does not allow the use of certificates to any applications or websites. This guide only applies if you've configured a total access policy and need to restrict certain browsers.
If you haven't created such a policy, consider defining access rules that only allow supported browsers instead of blocking disallowed ones.

Before you start

Make sure you have the following:

• A policy that allows access to all applications. If you don’t have one, follow Step 3 of the initial Redtrust configuration.
• The specific certificates and users or groups that the blocking policy should apply to.

Step 1: Create browser application group

1. Go to Policies > Applications > Add application group.

2. Create an application group for the browser you want to block. For example, to block the Opera browser:

   1. In Application group name, add opera.
   2. In Element definition, select Process.
   3. In Process name, add opera and click Add.
   4. Click Apply.

   

Step 2: Create browser blocking policy

To create a policy:

1. Go to Policies > Policies > New.
2. In the General section, fill the following fields:
   • Name: block opera.
   • Action: Deny.
   • Priority: Set a higher priority than the total access policy. Keep in mind that higher priority means a lower number, for example, if the total access policy is set to 2, assign 1 to this policy.
   • Click Next.
3. In the Certificates section, select the certificates you want the policy to apply to. Click Next.
4. In the Who? section, select the users or groups that you want the policy to apply to. Click Next.
5. In the Where? section, click Add applications and select the app group opera you created in Step 1. Click Next.
6. In the When? section, select the time option you need and then click Next.

Step 3: Verification

To verify that the browser is blocked:

1. Open the blocked browser and try to use a certificate.
2. Redtrust should deny the request.
3. Open the Events section in the admin console and confirm that the event appears as denied.

Summary

You've successfully blocked a browser from using certificates. This setup combines:

• A denial policy with a high priority that targets a known process.
• A total access policy with a lower priority.

This way, you can allow general access while preventing the use of certificates in blocked browsers.