Hosts
The Hosts parameter applies to the Any, FTP, HTTP, IBM Notes, ICQ Messenger, IRC, Jabber, Mail.ru Agent, MAPI, SMB, SMTP, SSL, and Telnet protocols.
This parameter specifies a list of allowed hosts for this rule. If this list is specified, these hosts will not be blocked.
Hosts may be specified in any of the following formats:
DNS name (for example, company.com). You can use the asterisk (*) wildcard in DNS names (for example, *.company.com matches any server name that ends in .company.com). For the HTTP protocol, in the Hosts field, you can specify not only addresses of websites, but also addresses of individual web pages. In this way, for example, you can white-list only pages at company.com/section/page.
 
Important: Because DeviceLock uses the local Hosts file for host name resolution, an attacker with local administrator rights can tamper with the Hosts file to bypass DeviceLock security policies. For example, if the white list allows HTTP access to company.com, the attacker can gain access to the unauthorized site www.ru by adding the entry 194.87.0.50 company.com to the Hosts file. To minimize security risks, we recommend that you secure the Hosts file by selecting the Prevent Changes In System Configuration Files check box in the DeviceLock Administrators parameter setting in Service Options.
IPv4 address (for example, 12.13.14.15). You can specify a range of IPv4 addresses separated by a dash (-) (for example, 12.13.14.18-12.13.14.28). You can also specify the subnet mask for the IPv4 address using the following format: <IPv4 address>/<subnet mask width in bits> (for example, 3.4.5.6/16).
IPv6 address, such as fe80:0000:0000:0000:0a2f:7e00:0004:533a, fe80:0:0:0:a2f:7e00:4:533a, or fe80::a2f:7e00:4:533a.
Multiple hosts must be separated by a comma (,) or semicolon (;). You can also press ENTER after each entry. You can specify multiple hosts in different formats described above (for example, www.microsoft.com; 12.13.14.15, 12.13.14.18-12.13.14.28).
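The following is an added example, not DeviceLock code: a check for the Hosts file tampering described in the Important note above. It extracts the DNS-name entries from a Hosts white-list value and reports local Hosts file lines that map any of those names to an address. The function names and sample data are constructed for illustration, and wildcard handling is assumed to follow the suffix rule stated above.

```python
import fnmatch
import ipaddress
import re

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def dns_patterns(white_list):
    """Return the DNS-name entries of a Hosts value (IP, range and subnet entries are skipped)."""
    patterns = []
    for entry in re.split(r"[,;\r\n]+", white_list):
        # For HTTP an entry may name a page (company.com/section/page): keep the host part.
        host = entry.strip().lower().split("/", 1)[0]
        if not host or _is_ip(host.split("-", 1)[0]):
            continue
        if host not in patterns:
            patterns.append(host)
    return patterns

def hosts_overrides(hosts_text, white_list):
    """Report (line, address, name, pattern) for Hosts file entries that map a white-listed name."""
    patterns = dns_patterns(white_list)
    findings = []
    for lineno, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            # '*' is assumed to match any prefix, per the *.company.com rule above.
            hit = next((p for p in patterns if fnmatch.fnmatchcase(name, p)), None)
            if hit:
                findings.append((lineno, fields[0], name, hit))
    return findings

# Constructed sample data; on Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_WHITE_LIST = "company.com; *.company.com, 12.13.14.15\n12.13.14.18-12.13.14.28; 3.4.5.6/16"
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
194.87.0.50 company.com
10.0.0.5 intranet.example.org
203.0.113.7 files.company.com mail.other.example
"""

if __name__ == "__main__":
    for finding in hosts_overrides(SAMPLE_HOSTS, SAMPLE_WHITE_LIST):
        print("line %d: %s -> %s (matches %s)" % finding)
```

Any finding deserves review, because a white-listed name that is resolved from the local file no longer depends on DNS.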
When adding hosts to the white list, consider the following:
If objects (images, scripts, video, Flash files, ActiveX, etc.) on a web page are downloaded from other hosts, you must add those hosts to the white list to load the web page correctly.
If you specify hosts and do not specify ports, the hosts can be accessed through all available ports.
An application with an embedded SSL certificate (for example, Dropbox, Yandex.Disk, Google Drive, iTunes Google contacts synchronization module, etc.) will fail to connect to its server when the NetworkLock module is active. The NetworkLock module becomes active when you define settings for protocols. To solve this issue, add the server host to the white list for SSL. You can use TcpView to look up the server host. Whitelisting a server host causes all SSL traffic between an application and the specified server host to bypass access control, audit, shadow copying and content filtering.
When Outlook starts, it connects to both the Exchange server and the domain controller. If you set the No Access permission for the MAPI protocol and then add a MAPI white list rule, you must specify the host name of your Exchange server and the host name of the domain controller to avoid connection problems.
The same applies to the IBM Notes client, IBM Domino server and to the names of the domain controllers.