A method and computer program product that allow a firewall program to control whether an application program is granted access to a wide area network (WAN), such as the Internet. The method allows the firewall to receive an access request definition from the application program through a well-known port. A preferred request definition comprises the application unique identifier, a destination address, the port, and a corresponding justification statement. The firewall intercepts access requests sent by the application program and identifies a matching access request definition. The firewall then prompts a user to approve or deny the request, wherein the prompt is accompanied by the justification statement from the identified access request definition. Accordingly, the user is better able to make an informed decision whether or not to grant the access request.