You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* new BISO policy settings
* Update src/content/docs/cloudflare-one/policies/browser-isolation/isolation-policies.mdx
Co-authored-by: Patricia Santa Ana <[email protected]>
---------
Co-authored-by: Patricia Santa Ana <[email protected]>
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/policies/browser-isolation/isolation-policies.mdx
+53-27Lines changed: 53 additions & 27 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,53 +43,79 @@ You can choose to disable isolation for certain destinations or categories. The
43
43
44
44
## Policy settings
45
45
46
-
The following optional settings appear in the Gateway HTTP policy builder when you select the _Isolate_ action. Enable these settings to [prevent data loss](https://blog.cloudflare.com/data-protection-browser/) when users interact with untrusted websites in the remote browser.
47
-
48
-
### Disable copy / paste
49
-
50
-
Prohibits users from copying and pasting content between a remote web page and their local machine.
46
+
The following optional settings appear in the Gateway HTTP policy builder when you select the _Isolate_ action. Configure these settings to [prevent data loss](https://blog.cloudflare.com/data-protection-browser/) when users interact with untrusted websites in the remote browser.
47
+
48
+
### Copy (from remote to client)
49
+
50
+
```mermaid
51
+
flowchart LR
52
+
subgraph remotebrowser[Remote browser]
53
+
siteA["Isolated
54
+
website"]--Data-->remoteclip["Remote
55
+
clipboard"]
56
+
end
57
+
subgraph client[Client]
58
+
localclip["Local
59
+
clipboard"]
60
+
end
61
+
remoteclip-->localclip
62
+
```
51
63
52
-
### Disable printing
64
+
-_Allow_: (Default) Users can copy content from an isolated website to their local clipboard.
65
+
-_Allow only within isolated browser_: Users can only copy content from an isolated website to the remote clipboard. Users cannot copy content out of the remote browser to the local clipboard. You can use this setting alongside [**Paste (from client to remote)**: _Allow only within isolated browser_](/cloudflare-one/policies/browser-isolation/isolation-policies/#paste-from-client-to-remote) to only allow copy-pasting between isolated websites.
66
+
-_Do not allow_: Prohibits users from copying content from an isolated website.
67
+
68
+
### Paste (from client to remote)
69
+
70
+
```mermaid
71
+
flowchart LR
72
+
subgraph client[Client]
73
+
localclip["Local
74
+
clipboard"]
75
+
end
76
+
subgraph remotebrowser[Remote browser]
77
+
remoteclip["Remote
78
+
clipboard"]-->siteA["Isolated
79
+
website"]
80
+
end
81
+
localclip--Data-->remoteclip
82
+
```
53
83
54
-
Prohibits users from printing remote web pages to their local machine.
84
+
-_Allow_: (Default) Users can paste content from their local clipboard to an isolated website.
85
+
-_Allow only within isolated browser_: Users can only paste content from the remote clipboard to an isolated website. Users cannot paste content from their local clipboard to the remote browser. You can use this setting alongside [**Copy (from remote to client)**: _Allow only within isolated browser_](/cloudflare-one/policies/browser-isolation/isolation-policies/#copy-from-remote-to-client) to only allow copy-pasting between isolated websites.
86
+
-_Do not allow_: Prohibits users from pasting content into an isolated website.
55
87
56
-
### Disable keyboard
88
+
### File downloads
57
89
58
-
Prohibits users from performing keyboard input into the remote web page.
90
+
-_Allow_: (Default) User can download files from an isolated website to their local machine.
91
+
-_Do not allow_: Prohibits users from downloading files from an isolated website to their local machine.
59
92
60
93
:::note
61
-
62
-
Mouse input remains available (to allow users to browse a website by following hyperlinks and scrolling). This does not prevent user input into third-party virtual keyboards within a remote web page.
94
+
This option does not prevent files from being downloaded into the remote browser. To prevent files being downloaded into the remote browser, use HTTP Policies to block by [Download Mime Type](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-mime-type).
63
95
:::
64
96
65
-
### Disable upload
97
+
### File uploads
66
98
67
-
Prohibits users from uploading files from their local machine into a remote web page.
99
+
-_Allow_: (Default) Users can upload files from their local machine into an isolated website.
100
+
-_Do not allow_: Prohibits users from uploading files from their local machine into an isolated website.
68
101
69
102
:::note
70
-
71
103
This option does not prevent files being uploaded to websites from third-party cloud file managers or files downloaded into the remote browser download bar from other isolated websites. To prevent files being uploaded from the remote browser into an isolated website, use HTTP Policies to block by [Upload Mime Type](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-mime-type).
72
104
:::
73
105
74
-
### Disable download
106
+
### Keyboard
75
107
76
-
Prohibits users from exporting files from the remote browser to their local machine.
108
+
-_Allow_: (Default) Users can perform keyboard inputs into an isolated website.
109
+
-_Do not allow_: Prohibits users from performing keyboard inputs into an isolated website.
77
110
78
111
:::note
79
-
80
-
This option does not prevent files from being downloaded into the remote browser. To prevent files being downloaded into the remote browser, use HTTP Policies to block by [Download Mime Type](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-mime-type).
112
+
Mouse input remains available to allow users to browse a website by following hyperlinks and scrolling. This does not prevent user input into third-party virtual keyboards within an isolated website.
81
113
:::
82
114
83
-
### Disable clipboard redirection
115
+
### Printing
84
116
85
-
Prevents copying isolated content from the remote browser to their local clipboard and pasting content from their local clipboard into isolated pages.
86
-
87
-
:::note
88
-
89
-
This option does not prevent clipboard interactions between isolated websites. Use [Disable copy / paste](/cloudflare-one/policies/browser-isolation/isolation-policies/#disable-copy--paste) to prohibit clipboard use on sensitive isolated applications.
90
-
91
-
Disable copy / paste and Disable clipboard redirection are mutually exclusive and cannot be used in conjunction with each other.
92
-
:::
117
+
-_Allow_: (Default) Users can print isolated web pages to their local machine.
118
+
-_Do not allow_: Prohibits users from printing isolated web pages to their local machine.
0 commit comments