Can Push block users from visiting websites?

Yes. You can prevent employees from visiting malicious websites by configuring a block of URLs using the URL blocking feature.

If employees try to visit a blocked URL, they will see your custom block message instead of the site.

You can configure URL blocking on the Controls page of the Push admin console.

This feature allows you to respond to phishing incidents by blocking the phishing URL across your entire workforce. You can also implement blocks for known-bad websites.

Push will also emit a webhook event when a blocked URL is visited. You can programmatically manage URL blocking as part of responding to an attempted phishing incident by using the Push REST API to automatically add URLs to the blocklist or to sync with other threat intelligence sources of known-bad sites.

When adding URLs to your blocklist, you can use a wildcard * (star / asterisk character) to partially match website domains.

For example, *.example.com will catch any subdomains in example.com.

Note: URL match patterns do not support the syntax *.example.* You must use the syntax *.example.com or *.example.org if you wish to have a wildcard for subdomains.

To catch all pages on a domain, use the syntax example.com/*. You can combine these two approaches to catch all pages and all subdomains by using the syntax *.example.com/*

The custom message field for the block page supports link and email syntax using markdown, but no other formatting.

Example markdown:

• [Push Security](https://pushsecurity.com)

• [Steph](mailto:steph@ctrlaltsecure.com)