Web proxy |
URL filter |
| Enabled |
This box needs to be checked to enable the URL filter. In addition, the URL filter requires on the Web Proxy service to be enabled. |
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Block categories |
| Block categories |
Different categories can be selected, depending on the installed blacklist. |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Custom Blacklist |
| Blocked domains (one per line) |
Define the domains you want to block. This could be verybadthings.net or subdomain.verybadthings.net |
| Blocked URLs (one per line) |
Define the URLs you want to block. This could be verybadthings.net/badstuff or verybadthings.net/more/stuff |
| Enable custom Blacklist |
Enables the manually entered domains and URLs to be blocked. |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Custom Whitelist |
| Allowed domains (one per line) |
Define the domains you want to allow. This could be trustedthings.net or subdomain.trustedthings.net |
| Allowed URLs (one per line) |
Define the URLs you want to allow. This could be trustedthings.net/goodstuff or trustedthings.net/more/stuff |
| Enable custom Whitelist |
Enables the manually entered domains and URLs to be allowed, even if listed in another category. |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Custom expression list |
| Blocked expressions (as regular expressions) |
Define the expressions to be blocked if they appear within an URL. You can use regular expressions for this, one per line. |
| Enable custom expression list |
Enables URLs to be blocked if the manually entered expressions matches them. |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
File extension blocking |
| Block executable files |
Enable this to block the download of executable files. This also includes files rated as potential insecure. |
| Block audio/video files |
Enable this to block the download of audio and video related files. |
| Block compressed archive files |
Enable this to block the download of compressed archives containing other files. |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Local file redirection |
| Enable local file redirection |
Enables the redirection of file download requests to the local repository. This increases the speed and saves bandwidth. |
| Manage repository |
Opens the GUI dialog for the local file repository management. |
| Note: The local file redirection is not available for the SmoothWall version! |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Network based access control |
| Unfiltered IP addresses |
The listed IP address(es) or network(s) will bypass all active filter rules. |
| Banned IP addresses |
The listed IP address(es) or network(s) will be banned, regardless of the active filter rules. |
You can define one or more single host addresses, networks in CIDR notation, networks with a certain netmask, a range of hosts or a combination of all of them.Examples are:
192.168.0.54192.168.0.0/24192.168.0.0/255.255.255.0192.168.0.100-192.168.0.200
|
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Time based access control |
| Set time constraints |
Opens the GUI dialog for the time based constraints. |
| Set user quota |
Opens the GUI dialog for the user based time quota. |
| Note: The time based access control options for constraints and quota are not available for the SmoothWall version! |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Block page settings |
| Show category on block page |
If enabled, the destination category will be shown in the right upper corner on the block message. This can be a useful hint, if you don't know which category is blocking your request. |
| Show URL on block page |
If enabled, the requested URL will be shown on the block message. |
| Show IP on block page |
If enabled, the client IP address will be shown on the block message. |
| Use "DNS Error" to block URLs |
The default block message will be replaced by a "Server or DNS not found error" message. This can be useful, when you will let the destination appear rather as Offline than as Blocked. This option should only be used with the Web Proxy service running in transparent mode. |
| Redirect to this URL |
You can define a custom website where clients will be redirected to if they are blocked. |
| Message line 1 |
You can define your own text here to replace the default text "ACCESS DENIED" on the block page. |
| Message line 2 |
You can define your own text here to replace the default text "Access to the requested page has been denied" on the block page. |
| Message line 3 |
You can define your own text here to replace the default text "Please contact the Network Administrator if you think there has been an error" on the block page. |
| Enable background image |
Enables the background image on the block page. The default image the distribution logo. |
| Upload custom background image |
You can change the default block page background image by uploading your own .jpg image here. |
| Except for the options Redirect to this URL and Use DNS Error to block URLs all block page settings will get active immediately without the need to restart the URL filter. |
|
|
Back to the Quick Reference overview
|
| |
URL filter settings |
Advanced settings |
| Enable expression lists |
Enables predefined expression lists. In addition to the domain and URL lists, all URLs will be checked for certain keywords. The existence of those expression lists depends on the installed blacklist. |
| Enable SafeSearch |
Enables the search-engine based SafeSearch filtering for image search and ordinary web search. This may depend on whether a search-engine supports the SafeSearch feature. |
| Block "ads" with empty window |
Enable this to replace banners, pop-up windows and advertisements with a blank window. This will be done by redirecting to a 1 pixel sized .gif file. Requires the category "ads" or "adv" to be selected for blocking. |
| Block sites accessed by it's IP address |
If enabled, all sites accessed by it's IP address will be blocked. The same site will be available if accessed by it's domain name and if not blocked by another rule. |
| Block all URLs not explicitly allowed |
Enable this to block all requests, except for those defined in the "Custom Whitelist". |
| Enable log |
Enable this to write a logfile with all offending requests. |
| Log username |
Enable this to add the username for each request to the logfile. |
| Split log by categories |
Split the logfile into single files, one for each category instead of one common logfile. Needs the option Enable Log to be enabled. |
| Number of filter processes |
You can increase or decrease the number of active filter processes. The number of processes depends on your hardware performance, your bandwidth and the concurrent number of clients. The default value is 5. |
| Allow custom whitelist for banned clients |
All requests from banned clients (banned by definition or by time constraints) will be blocked by default. If enabled, this option allows the banned clients to request websites from the custom whitelist. The custom whitelist must be enabled for this. |
|
|
Back to the Quick Reference overview
|
| |
URL filter maintenance |
Blacklist update |
| Upload Blacklist |
Any squidGuard compatible blacklist can be installed with this add-on. If you install a new blacklist, all existing categories will be replaced and all additional new categories will be added. |
The .tar.gz archive must have the internal path blacklists/category/list where category will be the name of the category and list will be one or more files named domains, urls or expressions.
Depending on your hardware performance (exceptionally your harddisk) and the size of the blacklist, it may take several minutes to compile this blacklists into prebuilt databases. Prebuilt databases are required to speed up the start process of the URL filter significantly, especially on machines with a weak performance level.
For large or even huge blacklists a Pentium III 1 GHz processor with 512 MB RAM would be recommended, whilst small blacklists will run on a Pentium I 133 MHz processor with 32 MB RAM without a visible loss of performance.
|
|
|
Back to the Quick Reference overview
|
| |
URL filter maintenance |
Automatic blacklist update |
| Enable automatic update |
This enables the automatic blacklist update. |
| Automatic update schedule |
Select the schedule for automatic blacklist updates: daily, weekly or monthly. The update will be processed at 03:00 am. |
| Select download source |
Select one of the predefined download sources or a custom source URL. |
| Custom source URL |
If the custom source URL is selected for the download enter the complete URL for the blacklist here. |
| Save update settings |
This saves the current update settings. |
| Update now |
This updates the blacklist immediately using the current (not the saved) settings. |
| Depending on your hardware performance (exceptionally your harddisk) and the size of the blacklist, it may take several minutes to compile this blacklists into prebuilt databases. Prebuilt databases are required to speed up the start process of the URL filter significantly, especially on machines with a weak performance level.
You can check the update results at the System Logs, section Update Transcript.
|
|
|
Back to the Quick Reference overview
|
| |
URL filter maintenance |
Backup URL filter settings |
| Include complete Blacklist |
Includes all Blacklist category files and prebuilt databases. Note: Your custom Blacklists and Whitelists are always included, no matter whether this options is enabled or not. |
| Create backup file |
Builds the backup file urlfilter-backup.tar.gz and downloads it to your local client computer. |
|
|
Back to the Quick Reference overview
|
| |
URL filter maintenance |
Restore URL filter settings |
| Import backup file |
Uploads the selected backup file and restores the settings and saved blacklist files. |
|
|
Back to the Quick Reference overview
|
| |
Local file redirection (available for IPCop only) |
Manage local file repository |
| Upload file |
Adds the selected file to the local repository. |
| Back to main page |
Returns to the URL filter main GUI page. |
|
|
Back to the Quick Reference overview
|
| |
Local file redirection (available for IPCop only) |
Current files in local repository [name of repository] |
| Shows all files (name and size) stored in the local file repository.
Important: After adding files or removing files from the repository, the URL filter must be restarted to activate the changes!
Note: Files can be added to the repository within the GUI or by copying them to the repository directory using SCP.
Directly copied files can only be removed from the repository by the GUI as long as the umask is set to 666 or the ownership of the files has been set to nobody.
|
|
|
Back to the Quick Reference overview
|
| |
Time constraints (available for IPCop only) |
Add new / Edit time constraint rule |
| Definition |
Determines whether the rule will be active within or outside the given time space. |
| Weekday |
Select the weekdays from Monday to Sunday for the rule. |
| From / To |
Start and end time for the rule. Note: The time refers to URL filter time and not to the local client time! |
| Source host(s) or network(s) |
Enter the source host or network address(es) for the rule. |
| Destination |
Select one or more categories. To select more than one category, press the Ctrl key and click the desired category. |
In addition to the regular block categories, there are four more categories:
any : includes all categoriesin-addr : includes all URLs accessed by it's IP addressfiles : includes all file extension blockingscustom-blocked : includes the custom blacklist domains and URLs
These categories can be selected, no matter whether they are activated within the main page.
|
| Access |
Determines whether the rule will allow or block access. |
| Enabled |
Enables the rule. |
| Add / Update |
Saves the rule. Note: The URL filter needs to be restarted to activate the changes! |
| Reset |
Resets all changes for the current rule and re-reads the saved settings. |
| Back to main page |
Returns to the URL filter main GUI page. |
|
|
Back to the Quick Reference overview
|
| |
Time constraints (available for IPCop only) |
Current rules |
| Shows all existing time constraint rules.
Important: Please notice, that all rules are applied in the same order as they are listed!
|
|
|
Back to the Quick Reference overview
|
| |
User quota (available for IPCop only) |
Add new / Edit user quota rule |
| Time quota |
The time (in minutes) a user may have access to the web. The counter starts with the first request and the user gets blocked if this time limit will be reached. |
| Activity detection |
If the user doesn't access any website for 5 or 15 minutes, the quota limit will not be decreased until the next request is sent. |
| Renewal period |
Specify the time frame for the given user quota. The quota for this user will be reset either hourly, daily or weekly. |
| Assigned users |
The RFC931 compliant user names that will be affected by this rule. |
| Enabled |
Enables the rule. |
| Add / Update |
Saves the rule. Note: The URL filter needs to be restarted to activate the changes! |
| Reset |
Resets all changes for the current rule and re-reads the saved settings. |
| Back to main page |
Returns to the URL filter main GUI page. |
|
|
Back to the Quick Reference overview
|
| |
User quota (available for IPCop only) |
Current rules |
| Shows all existing time constraint rules.
Important: Please notice, that the current quota counters will be reset for all users when restarting the URL filter, the proxy service or rebooting the server!
|
|
|
Back to the Quick Reference overview
|
