Web Filter Lite
|Web Filter Lite||
About Web Filter Lite
Web Filter Lite monitors HTTP traffic on your network to monitor user behavior and block inappropriate content.
This section reviews the different settings and configuration options available for Web Filter.
Block Categories allows you to customize which categories of sites will be blocked or flagged. Categories that are blocked will display a block page to the user; categories that are flagged will allow the user to access the site, but will be silently flagged as a violation for event logs and Reports. These block/flag actions operate the same way for all of the different Web Filter options.
Under Blocked Sites you can add individual domain names you want to be blocked or flagged - just enter the domain name (e.g. youtube.com) and specify your chosen action. This list uses URL Matcher syntax.
Block File Types
The Block File Types section allows you to block files by file extension - just select (or add) your chosen file extension, check your preferred action, and save. This list uses Glob Matcher syntax.
Block MIME Types
The Block MIME Types section allows you to block files by MIME types - just select (or add) your chosen file extension, check your preferred action, and save. This list uses Glob Matcher syntax.
Pass Sites is used to pass content that would have otherwise been blocked. This can be useful for "unblocking" sites that you don't want blocked according to block settings. Any domains you add to the Passed Sites list will be allowed, even if blocked by category or by individual URL - just add the domain and save. Unchecking the pass option will allow the site to be blocked as if the entry was not present. This list uses URL Matcher syntax.
If you add an IP address to this list, Web Filter will not block any traffic from that IP regardless of the blocked categories or sites. Just add the IP and save. Unchecking the pass option will have the block/pass lists affect the user as if they were not entered into the Passed Client IPs list. This list uses IP Matcher syntax.
- If you have a few users that need to completely bypass Web Filter controls, consider using pass lists. If you have users that simply need different Web Filter settings, you should set up a separate rack using Policy Manager. When using this feature, please remember that DHCP IPs can change, so you'll probably want to set up either a Static IP or a Static DHCP Lease for the machine in question.
The Advanced section allows you to configure additional web filter options.
- Block pages from IP only hosts: When this option is enabled, users entering an IP address rather than domain name will be blocked.
- Pass if referers match Pass Sites. When this option is checked, if a page contains external content from any site in Pass Sites, that external content will be passed regardless of other block policies.
- Block Google applications: When this option is enabled, only domains listed in Domain are allowed to access Google applications such as Gmail. All others are blocked by Google. Multiple domains can be specified, separated by commas such as:
- untangle.com, domain.com.
- NOTE: HTTPS Inspector must be installed and running with the Inspect Google Traffic configured to Inspect.
- Unblock: This section can be used to add a button to allow users to bypass restrictions on a case-by-case basis.
- If Unblock is set to None no users will be allowed to bypass the block page. If Unblock is set to Temporary users will be allowed to visit the site for one hour from the time it is unblocked. If Unblock is set to Permanent and Global then users will be allowed to visit the site and unblocked sites will be added to the permanent global pass list so it will always be allowed in the future.
- You also have the option of setting a password to Unblock; it can either be the existing Administrator password for the Untangle or you can set a new, separate password only for the Unblock feature.
The Reports tab provides a view of all reports and evens for all traffic handled by Web Filter Lite.
All Web Filter Lite reports can be accessed using the Select Reports window. All pre-defined reports will be listed along with any custom reports that have been created.
Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right.
Pre-defined report queries:
|Web Filter Lite Summary||A summary of web filter lite actions.|
|Web Usage (all)||The amount of total, flagged, and blocked web requests over time.|
|Web Usage (scanned)||The amount of total, flagged, and blocked web requests over time.|
|Web Usage (flagged)||The amount of flagged, and blocked web requests over time.|
|Web Usage (blocked)||The amount of flagged, and blocked web requests over time.|
|Top Categories (by request)||The number of web requests grouped by category.|
|Top Categories (by size)||The sum of the size of requested web content grouped by category.|
|Top Flagged Categories||The number of flagged web requests grouped by category.|
|Top Blocked Categories||The number of blocked web requests grouped by category.|
|Top Sites (by request)||The number of web requests grouped by website.|
|Top Sites (by size)||The sum of the size of requested web content grouped by website.|
|Top Flagged Sites||The number of flagged web requests grouped by website.|
|Top Blocked Sites||The number of blocked web requests grouped by website.|
|Top Domains (by request)||The number of web requests grouped by domain.|
|Top Domains (by size)||The sum of the size of requested web content grouped by domain.|
|Top Flagged Domains||The number of flagged web requests grouped by domain.|
|Top Blocked Domains||The number of blocked web requests grouped by domain.|
|Top Hostnames (by requests)||The number of web requests grouped by hostname.|
|Top Hostnames (by size)||The sum of the size of requested web content grouped by hostname.|
|Top Flagged Hostnames||The number of flagged web request grouped by hostname.|
|Top Blocked Hostnames||The number of blocked web request grouped by hostname.|
|Top Clients (by requests)||The number of web requests grouped by client.|
|Top Clients (by size)||The sum of the size of requested web content grouped by client.|
|Top Flagged Clients||The number of flagged web request grouped by client.|
|Top Blocked Clients||The number of blocked web request grouped by client.|
|Top Usernames (by requests)||The number of web requests grouped by username.|
|Top Usernames (by size)||The sum of the size of requested web content grouped by username.|
|Top Flagged Usernames||The number of flagged web request grouped by username.|
|Top Blocked Usernames||The number of blocked web request grouped by username.|
The events section provides a view of all web events and how they are handled by Web Filter Lite. It can be used to view traffic on the network in real time or as a debugging tool to view how Web Filter Lite is operating.
|All Web Events||Shows all scanned web requests.|
|Flagged Web Events||Shows all flagged web requests.|
|Blocked Web Events||Shows all blocked web requests.|
|Unblocked Web Events||Shows all unblocked web requests|
Conditions can be used to filter the traffic information shown in reports and events. Each condition has a corresponding column that can be viewed in the event viewer. Multiple conditions can be added to drill down and inspect Web Filter Lite data. For a list of conditions, refer to the http_events table in Global DB Schema.
Web Filter Lite FAQs
How do Web Filter and Web Filter Lite work?
Web Filter and Web Filter Lite both transparently scans HTTP traffic in order to block or log specific activity. Websites can be blocked or logged based on Category (Pornography, Social Networking, etc.), URL (facebook.com, youtube.com, etc.), MIME Type or File Type (.exe, .mp3, etc..). Web Filter has a more robust feature set that is explained in a FAQ entry below.
Can I use both Web Filter and Web Filter Lite?
We do not recommend running both Web Filter and Web Filter Lite at the same time - if you have access to the trial or full version of Web Filter, we recommend using it rather than Web Filter Lite.
Is Web Filter really better than Web Filter Lite?
Web Filter is the same as Web Filter Lite except it is based on SiteFilter technology. Web Filter is better than Web Filter Lite in many ways:
- HTTPS Filtering
- Many More categories (141 vs. 15)
- Larger database (450+ million URLs vs ~1 million)
- Dynamic categorization of new sites
- SafeSearch enforcement
- Password option for the Unblock feature
Can I install Web Filter/Web Filter Lite on a single computer to use as Parental Control software?
No - Untangle is designed to operate as a gateway or transparent bridge for an entire network and is not meant to filter the computer it is installed on. Installing Untangle will wipe out all existing data on the PC it is installed to. For filtering a single PC, other Internet filter/Parental Control software can be used.
Why is a site not being properly displayed even though I added it to the Pass List?
It's common for a web site to display links, banners and content from other web sites as part of their web pages. There are two easy methods to re-integrate the content while maintaining your access controls. A good example is Facebook - when you go to 'facebook.com', much of the site is loaded from 'fbcdn.net', which also must be put on the pass list for it to display properly. To fix these problems, just look in the Event Log for domains that are still being blocked when you load the site.
Can I block all web sites except certain ones?
Yes, simply block all categories (including "Uncategorized"). Then add whatever sites you'd like to pass to the Pass List. Please be aware that the complex nature of the web and the fact that many applications communicate over HTTP can make this approach difficult.
Why block both MIME Type and File Types?
In an ideal world, both pieces of information would always be present for every web request. However, some sites use incorrect content types or extensions. The behavior of operating systems (Windows vs. Mac) is also different when given only file extension or content type. To be safe, both lists should be used.
What kind of reporting features do Web Filter and Web Filter Lite offer?
Web Filter and Web Filter Lite provide network- and user-based reporting. Data from these apps is fed into Reports to show high level trends such as peak network usage hours as well as allowing administrators to drill down to the individual user level for activity monitoring.
Can I grant privileged access to some users while still blocking sites for everyone else?
There are several ways to accomplish this:
- Policy Manager can be used to create multiple racks, which allows you to have separate filtering settings for individuals or groups of users. The easiest example is a school, where you would want Teachers to have more relaxed internet filter settings than the students. Different settings can be applied to any individual or group in your organization such as CEOs, Administrative Assistants or Accounting Departments.
- The Passed Client IPs List allows you to exempt specific users from all filtering inside the Web Filter/Web Filter Lite applications.
- The Unblock option displays a button that, when clicked, will allow users to bypass the block page. Web Filter has an additional option to require a password for this.
Can I let users access certain sites during lunch?
You can leverage Policy Manager to set up specific filtering settings for different days or time periods, such as allowing Facebook during breaks or after work hours.
Windows Vista/7 computers showing "No Internet Access" but everything is fine. Whats going on?
Make sure you're not blocking access to the domain www.msftncsi.com; this is part of a test that Microsoft runs to see if there is an active internet connection. Once you've verified this domain is not blocked, simply restart the PC and that should take care of it.
Can I add additional categories?
Sorry, custom categories are not available.
What categorization database does Web Filter Lite use?
The Web Filter Lite database is community maintained. It is almost completely unmaintained, receiving only a few minor updates a year.