You can manage user access to Internet resources using traffic processing rules. All rules are either access rules or protection rules. You can create groups of access rules and groups of protection rules. Within a group, rules are checked in the order of precedence in the table, top to bottom.
Kaspersky Web Traffic Security begins processing traffic by checking access rules. If access to the Internet resource is allowed, the application moves on to scanning the traffic by applying protection rules.
Kaspersky Web Traffic Security processes traffic starting using the highest-priority rule. If the specified conditions are not satisfied, the application checks the conditions of the rule with the next priority. As soon as conditions specified in a rule are satisfied, processing parameters specified in that rule are applied to the traffic, and further condition matching is stopped.
The order of priority depends on existence of a workspace.
Defining rule priority with workspaces
If a workspace was added, Kaspersky Web Traffic Security classifies all traffic processing rules as global rules (applying to all workspaces) or workspace rules (created for a specific workspace).
Triggering algorithm of traffic processing rules if workspaces are set up
First of all, the application checks global rules of the highest priority. They can be viewed in the Rules section of the Before workspace rules tab.
Workspace rules apply if the processed Internet resource does not satisfy the conditions of any global rule of the highest priority. Workspace rules are displayed and configured in the Workspaces section when you select the workspace.
After workspace rules, the application goes on to check lower-priority global rules. They can be viewed in the Rules section of the After workspace rules tab.
If none of the low priority rules contains conditions appropriate for the given Internet resource, traffic is processed in accordance with default rules — Default Access Rule and Default Protection Rule. In this case, the application allows access to all Internet resources which are not banned as a result of scans for viruses and phishing, specific legitimate applications that could be exploited by attackers, and other programs that pose a threat. Default rules are created at the moment of installation of Kaspersky Web Traffic Security and are displayed in the Rules section in the After workspace rules tab. You cannot change or remove default rules.
Defining rule priority without workspaces
If no workspaces are set up, network traffic is processed in accordance with global rules going from highest to lowest in the list until the first condition match. If none of the rules contain condition for the given Internet resource, default rules are applied.