Products Partners Download Buy Network About Community Help  

User Guide Overview

Installing/Upgrading Introduction System Requirements Compatibility RAID Support Starting the Install/Upgrade Configuration Options Partitioning and RAID Troubleshooting

Post-Installation - First Boot Network Configuration Web-based Administration System Registration

Network Settings Bandwidth DHCP Server Hosts and DNS Server IP Settings LAN Configuration Multi-WAN Network Tools UPnP Wireless

Firewall 1 to 1 NAT Advanced DMZ Group Manager Incoming Outgoing Peer-to-Peer Port Forwarding

Security Intrusion Detection Intrusion Prevention

Accounts Users Groups Organization Administrators

System Backup and Restore Date Encrypted File Systems Language Running Services Shutdown and Restart SMTP Relay SSL Certificate Manager Webconfig

Backup LAN Backup/Recovery

Database Database

E-mail Antispam Antispam - Dspam Antispam - Training Antivirus Aliases Archive Filters / Greylist Maildrop POP and IMAP SMTP Mail Server Webmail

File and Print Services Flexshare FTP Server Print Server Windows Networking

Filtering and Proxying Access Control Ad and Pop-up Blocker Content Filter Web Proxy

Groupware Groupware Setup

VPN Desktop-to-LAN / PPTP LAN-to-LAN / IPsec OpenVPN

Web Photo Gallery Web Server

Reports Current Status Dashboard Overview Intrusion Detection Logs SMTP Mail Statistics Web Proxy Web Server


Contact Us
  Sales Enquiry
  Tech Support

 
         
  Current Document and Section   Other Documents  
  - Documentation
    - User Guide
   DNS and Domains
Gateway Services Guide
Release Notes
Howtos
  
 

Modules - Content Filter

Contents

Overview

Content Filter Infrmation
Description A smart and robust web content filter..
Package Name cc-dansguardian-av
Configuration Page Software > Proxy and Filtering > Content Filter


The content filtering software blocks inappropriate websites from the end user. The software can also be used to enforce company policies; for instance, blocking personal webmail sites like Hotmail can decrease lost productivity at the office.

The filter engine uses a variety of methods including phrase matching, URL filtering and black/white lists. Although the fitler works effectively 'out-of-the-box', for best results, we recommend subscribing to a service level the includes the 'Content Filter Update' service (see Services link below). By keeping your blacklist up-to-date, you will be providing your LAN with the most effective blocking solution against the 'churn' of sites that change daily.

Services

New sites appear, old sites disappear and current sites move around. By enabling the Content Filter Updates service, you will receive regular updates to the filter lists. See website for more details.

Installation

If you did not select this module to be included during the installation process, you must first install the module.

Configuration

The web-based administration tool gives you access to a number of configuration settings. The filter must be run in parallel with the Web Proxy server.

 
  It is important to understand the implications of running the content filter with a web proxy server configured to run in standard mode.  
 


Standard Mode In standard mode, the web proxy operates on port 3128 and the content filter operates on port 8080. You must change the settings of all the web-browsers located on the local network to point to one of the above ports in order to take advantage of proxy or filtering services. If users have the technical knowledge and have access to the browser settings on their local machine, they could potentially by-pass the proxy server and have full access to content on the Internet.

Transparent Mode In transparent mode, all requests from the local network automatically pass through the web proxy cache. The settings for the local machines do not need to be changed. By-passing the proxy is not possible by changing browser settings on the local machine. Obviously, this is the preferred configuration.

Content Filter Update Service

If you have a subscription to the "Content Filter Blacklist Update" service (enabled through your ClarkConnect Gateway Service account) you can check to make sure the update service is active. If the update service is activated, you will see a screen capture similar to that shown below.

Image:ss_content_filter_activated.png

Updates are pulled or pushed automaticaly from the ClarkConnect Gateway Service network approximately every week.

Configure Advanced Filtering

Banned File Extensions / Banned MIME Types

Banned File Extensions Banning specific file extensions is a useful tool for limiting content available to users on the LAN. It can also greatly decrease the chances of users unwittingly downloading and running 'arbitrary' code downloaded from the Internet which could potentially contain viruses, spyware of other malicious code.

Image:ss_content_filter_extensions.png

By checking a box next to an extension, you are disallowing filtered users from accessing this file type. If you wish an extension to be blocked and it is not listed in the available list, add it to the list using the "Add a new extension type" form.

Banned MIME Types

Similarly, MIME types instruct a browser to utilize certain applications in order to display content encoding. Security exploits in the applications themselves can be used to infiltrate a computer. MIME types checked in the "Banned MIME Types" form will not be allowed to pass through the firewall and to the computer making the request on the LAN, providing a more secure environment.

Banned Site List / Exempt Site List

Banned Site List Sites entered in the "Banned Site List" will be banned, regardless of the site's content, or whether the site is on one of the blacklists.

Exempt Site List Sites entered in the "Exempt Site List" will be allowed, regardless of the site's content. Use this form if content on a site triggers a 'false positive' that you wish to override.

Banned User IP List / Exempt User IP List

If you have some or all of your worktations configured to use static IP addresses, you can configure individual workstations' access to the web.

Banned User IP List

Here you can configure LAN IP addresses that will be completely blocked from accessing the web. You can either add IP addresses individually or add groups as defined below.

Exempt User IP List

Here you can configure LAN IP addresses that will be granted completely unfiltered access to the web. You can either add IP addresses individually or add groups as defined below.

Groups

You can configure groups of IP addresses to simplify and organize workstation access to the web. For example in an educational environment you can add all administrator/staff IP addresses to a Staff group and add them to the Exempt User IP List.

Weighted Phrasing

The content filter system uses phrase lists to calculate a score for every web page. You can fine tune your content filter scoring by specifying which phrase lists to use.

In general you will want the phrase lists you select here to correspond with the blacklists you are using. At a minimum you will want to include the proxies phraselist to prevent your users from bypassing the filter.

 
  Note that more weighted phrases activated for the content filter mean that the filter will take more time to look at each page. It is recommended that if you are using a low powered server, you limit the number of weighted phrase lists you use and instead use more blacklists.  
 

If you have problems with some of the phraselists - that they're either blocking too strictly or not enough, please send information to phrasemaster AT dansguardian DOT org.

Blacklists

The content filter system uses black lists to block specific web sites. You can fine tune your content filter black lists by specifying which lists to use. Note that these lists are updated weekly by the Content Filter Update Service if you have subscribed to that service.

If you have problems with some of the phraselists - that they're either blocking too strictly or not enough, please submit your changes in the following form.

Configure Filter

Language - If your native language is supported by the DansGuardian contnet filter, you can configure the filter to use your language when displaying block reports to your users and error messages.

Sensitivity Level - The sensitivity level is an arbitrary scale that allows 'coarse' adjustment of the phrase filter sensitivity. Increasing the sensitivity level means that fewer bad phrases/words will cause the filter to block the page.

PICS Level - An Internet standard for rating web content. This setting will prove to be of minor significance as sites self-administrate this parameter. As a general rule, the recommendation is to disable this setting.

Reporting Level - Five options are available to customize what a user 'sees' when the filter blocks a page:

  • Stealth Mode - Site is not blocked...User's IP and site is logged (/var/log/dansguardian/access.log)
  • Access Denied - User's browser will receive an 'Access Denied' in place of the web page.
  • Short Report - A short error message 'bubble' will be displayed like the one below

Image:ss_content_filter_block_msg.png

  • Full Report - Same as above, but the weighted limit and actual value will be displayed (useful for fine-tuning the system).
  • Custom Report - Uses the customizable HTML template located at /etc/dansguardian/languages/[language] where language is the language you have selected in the setting above. The HTML template file is template.html and the default en_US language folder is /etc/dansguardian/languages/ukenglish.

Block IP Domains - Used to prevent users from circumnavigating the URL-based portion of the filter by using IP addresses instead of URL's. Pages will still be filtered based on the other filtering mechanisms: weightedphrases, mime types, file extensions etc.

Blanket Block - Most restrictive setting. All sites will be blocked with the exception of those listed in the exempt list. Useful for kiosks/public terminals where a browser is used to access a company site etc.

Troubleshooting

Web Sites Are Not Rendering Properly

Many web pages will pull elements of the page (images, scripts, etc.) from many different web servers. Some of these servers may get blocked by the content filter, but the rest of the web page will pass through just fine. The result can look like a broken web page. Example: the Yahoo web site pulls graphics from their yimg.com servers (owned by Yahoo). You can find a lot of pornography on the yimg.com servers, so it will often get listed in blacklists.

Web browsers provide a quick way to view all the elements on a web page. In Firefox, for example, you can select on Tools - Page Info in the menu and then click on Links to see all the page elements. This can be useful when you need to whitelist a web site and related web sites.

Links

Retrieved from "http://www.clarkconnect.com/docs/Modules_-_Content_Filter"

This page has been accessed 23,585 times. This page was last modified on 10 July 2008, at 20:04.


 
   
Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.

Company | Contact | Legal | Help | Login