Web Filter FAQs
How do I submit a mis-categorized or uncategorized site?
You can go to zvelo and submit the correct (or new) categorization. It will be reviewed immediately by a human. Once the new categorization takes effect you may need to flush your category cache in Web Filter to see the new categorization.
Does Web Filter use a lot of memory and CPU?
If your Untangle Server is operating well without Web Filter, then you won't see much of a difference if you run Web Filter. Web Filter doesn't use much memory, and its cloud-based architecture adds very little to CPU utilization.
How do real-time updates work?
When a client first vists a site, Web Filter accesses the zveloDB to get the categories the site is under to make a decision to block or pass based on your configuration. The category information is also written to a local cache so it doesn't have to be checked the next time a user visits that site.
How long does Web Filter cache category information for sites?
Several days. Web Filter flushes non-frequently used cache. The website that you visit daily will not be cleared from cache.
Can I add additional categories?
Custom categories are not available, however we provide over 140 categories for granular control over what your clients can access. If you feel there are categories that we can add to make it even better, just let us know.
How should I handle false positives?
While the fastest way to allow clients to access a site that is currently blocked is to add the site to your pass list, you can request recategorization of sites here - the turnaround time is usually less than two days.
Can I use Web Filter to block HTTPS/SSL sites?
Yes - because Web Filter has access to a separate database of IP addresses, it can categorize HTTPS traffic based on the destination IP address. This is not done by individual domain, but by category - for example, if you simply block 'facebook.com'. Please note that this does not mean Web Filter can parse HTTPS as it is encrypted. Categorization is done via IP address. This means other forms of blocking like URL, file-type, mime-type, etc can not be done on HTTPS as the stream is encrypted and these require parsing of the HTTP protocol.
Why can i access a site using HTTPS when I've added it to the block list?
Web Filter scans and categorizes HTTPS traffic by IP address because the session itself is encrypted and cannot be scanned. As a result, if you add "example.com" to the block list and go to "https://example.com" it will not be blocked because Untangle can only see the IP address. However, if you block the category "example.com" is in, then go to "https://example.com" it will not connect and you will see a block event in the Event Log.
Why is Web Filter still blocking an HTTPS site even after I added it to the pass list?
This should only be a problem with older browsers that do not provide SNI information in the HTTPS stream - if your browser provides SNI information, adding the domain to the pass list should allow the site to load. Older browsers that do not provide SNI information can run into this problem, however. If this is the case, it is because Web Filter does categorization of HTTPS traffic by IP address. HTTPS encrypts the hostname and request, so all we can see is the destination IP. This means if https://example.com/ is getting blocked, adding "example.com" to the passlist will have no effect because HTTPS is categorized by IP address. If you add the IP address of example.com to the passlist then HTTPS traffic to example.com will be allowed.
Why did 'Youtube for Schools' disappear?
Google/Youtube stopped supporting the their youtube for schools features. This features relied on Untangle adding an identification header to HTTP requests and then youtube would enforce the policy on the server. Since this feature is no longer supported by their servers the feature has been removed.
