New Feature: Verified Stolen Credential Detection

Ready to help

Can Push block users from visiting websites?

Yes. Push can block employees from using unapproved legitimate apps, or from visiting malicious websites.

  • You can block employees from signing up to or logging in to legitimate apps, using an App banner in Block mode. Employees will see your custom message in a banner that covers the center of the screen. For more details about using app banners, refer to this help article.

  • You can prevent employees from visiting malicious websites by configuring a block of specific URLs using the URL blocking feature. For more details about URL blocking, refer to the rest of this article.

If employees try to visit a blocked URL, they will see your custom block message instead of the site.

You can configure URL blocking on the Controls page of the Push admin console.

Sample block page for URL blocking - KB 10112

This feature allows you to respond to phishing incidents by blocking the phishing URL across your entire workforce. You can also implement blocks for known-bad websites.

Push will also emit a webhook event when a blocked URL is visited. You can programmatically manage URL blocking as part of responding to an attempted phishing incident by using the Push REST API to automatically add URLs to the blocklist or to sync with other threat intelligence sources of known-bad sites.

Syntax for adding URLs

When adding URLs to your blocklist, you can use a wildcard * (star / asterisk character) to partially match website domains.

For example, *.example.com will catch any subdomains in example.com.

Note: URL match patterns do not support the syntax *.example.* You must use the syntax *.example.com or *.example.org if you wish to have a wildcard for subdomains.

To catch all pages on a domain, use the syntax example.com/*. You can combine these two approaches to catch all pages and all subdomains by using the syntax *.example.com/*

Markdown for styling custom message

The custom message field for the block page supports link and email syntax using markdown, but no other formatting.

Example markdown:

  • [Push Security](https://pushsecurity.com)

  • [Steph](mailto:steph@ctrlaltsecure.com)