Web Filter Lite

From Edge Threat Management Wiki - Arista
Revision as of 21:41, 6 January 2017 by Mhotz (talk | contribs) (→‎Pass Clients)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

File:WebFilterLite 128x128.png     Web Filter Lite
Other Links:
Web Filter Lite Description Page
Web Filter Lite Screenshots
Web Filter Lite Forums
Web Filter Lite Reports
Web Filter Lite FAQs




About Web Filter Lite

Web Filter Lite monitors HTTP traffic on your network to monitor user behavior and block inappropriate content.


Settings

This section reviews the different settings and configuration options available for Web Filter.

Block Categories

Categories allows you to customize which categories of sites will be blocked or flagged. Categories that are blocked will display a block page to the user; categories that are flagged will allow the user to access the site, but will be silently flagged as a violation for event logs and Reports. These block/flag actions operate the same way for all of the different Web Filter options.

File:WF blockCategoriesLite.png
Block categories

Block Sites

Under Blocked Sites you can add individual domain names you want to be blocked or flagged - just enter the domain name (e.g. youtube.com) and specify your chosen action. This list uses URL Matcher syntax.

File:WF blockSites.png
A few sites entered into the Block List

Block File Types

The Block File Types section allows you to block files by file extension - just select (or add) your chosen file extension, check your preferred action, and save. This list uses Glob Matcher syntax.

File:WF fileType.png
The File Types Block List

Block MIME Types

The Block MIME Types section allows you to block files by MIME types - just select (or add) your chosen file extension, check your preferred action, and save. This list uses Glob Matcher syntax.

File:WF mimeType.png
The MIME Types Block List

Pass Sites

Pass Sites is used to pass content that would have otherwise been blocked. This can be useful for "unblocking" sites that you don't want blocked according to block settings. Any domains you add to the Passed Sites list will be allowed, even if blocked by category or by individual URL - just add the domain and save. Unchecking the pass option will allow the site to be blocked as if the entry was not present. This list uses URL Matcher syntax.

File:WF passSites.png
A few sites entered into the Pass List

Pass Clients

If you add an IP address to this list, Web Filter will not block any traffic from that IP regardless of the blocked categories or sites. Just add the IP and save. Unchecking the pass option will have the block/pass lists affect the user as if they were not entered into the Passed Client IPs list. This list uses IP Matcher syntax.

If you have a few users that need to completely bypass Web Filter controls, consider using pass lists. If you have users that simply need different Web Filter settings, you should set up a separate rack using Policy Manager. When using this feature, please remember that DHCP IPs can change, so you'll probably want to set up either a Static IP or a Static DHCP Lease for the machine in question.


File:WF passClients.png
A few different entries in the Pass Listed Client IPs list

Rules

The Rules tab allows you to specify rules to Block or Flag traffic that passes through Web Filter Lite.

The Rules documentation describes how rules work and how they are configured. Web Filter Lite uses rules to determine to block or flag the specific session. Flagging a session marks it in the logs for reviewing in the event logs or reports, but has no direct effect on the network traffic.

Rule Actions

  • Flag: Allows the traffic which matched the rule to flow, and flags the traffic for easier viewing in the event log.
  • Block: Blocks the traffic which matched the rule.

Advanced Settings

The Advanced section allows you to configure additional web filter options.

  • Block pages from IP only hosts: When this option is enabled, users entering an IP address rather than domain name will be blocked.
  • Pass if referers match Pass Sites. When this option is checked, if a page contains external content from any site in Pass Sites, that external content will be passed regardless of other block policies.
  • Block Google applications: When this option is enabled, only domains listed in Domain are allowed to access Google applications such as Gmail. All others are blocked by Google. Multiple domains can be specified, separated by commas such as:
untangle.com,domain.com.
NOTE: SSL Inspector must be installed and running with the Inspect Google Traffic configured to Inspect.
  • Unblock: This section can be used to add a button to allow users to bypass restrictions on a case-by-case basis.
If Unblock is set to None no users will be allowed to bypass the block page. If Unblock is set to Temporary users will be allowed to visit the site for one hour from the time it is unblocked. If Unblock is set to Permanent and Global then users will be allowed to visit the site and unblocked sites will be added to the permanent global pass list so it will always be allowed in the future.
You also have the option of setting a password to Unblock; it can either be the existing Administrator password for the Untangle or you can set a new, separate password only for the Unblock feature.
File:WF advancedLite.png
Advanced options

Reports

The Reports tab provides a view of all reports and events for all traffic handled by Web Filter Lite.

Reports

This applications reports can be accessed via the Reports tab at the top or the Reports tab within the settings. All pre-defined reports will be listed along with any custom reports that have been created.

Reports can be searched and further defined using the time selectors and the Conditions window at the bottom of the page. The data used in the report can be obtained on the Current Data window on the right.

Pre-defined report queries: {{#section:All_Reports|'Web Filter Lite'}}

The tables queried to render these reports:



Related Topics


Web Filter Lite FAQs

How do Web Filter and Web Monitor work?

Web Filter and Web Monitor both transparently scan HTTP and HTTPS traffic in order to monitor web activity on the network. Additionally, Web Filter can block inappropriate web activity as determined by the network administrator. Websites can be blocked or logged based on Category (Pornography, Social Networking, etc.), URL (facebook.com, youtube.com, etc.), content-type and much more.


Can I use both Web Filter and Web Monitor?

Web Monitor is a subset of the functionality of Web Filter. If you have Web Filter installed, there is no additional benefit of installing Web Monitor. If Web Filter has a valid license or is currently installed, Web Monitor will not be shown as installable.


How is Web Filter diffrent than Web Monitor?

Web Monitor is for monitoring web activity. Web Filter is for monitoring and blocking web activity. Web Filter is identical to Web Monitor, except with the ability to block and modify web content, such as:

  • Blocking web sites & categories
  • Enforce safe search
  • Restrict google applications


Can I install Web Filter or Web Monitor on a single computer to use as Parental Control software?

No. NG Firewall is designed to operate as a gateway or transparent bridge for an entire network and is not meant to filter the computer it is installed on. Installing NG Firewall will wipe out all existing data on the PC it is installed to. For filtering a single PC, other Internet filter/Parental Control software can be used.

Can I add additional categories?

Sorry, custom categories are not available.


What categorization database does Web Filter Lite use?

The Web Filter Lite database is community maintained. It is almost completely unmaintained, receiving only a few minor updates a year.