8.1. Content filtering

Based on content filtering rules, network administrators can allow or prohibit certain content passed through HTTP and HTTPS (if the HTTPS inspection is configured). In addition, UserGate can block the HTTPS traffic without decrypting its content, but only when the UserGate URL filtering rules for blocking by content filtering categories or by lists of URLs (with host names only) are applied. In such cases, UserGate uses either SNI (Server Name Indication) or host names in the SSL certificate from user requests for domain identification when SNI is not available.

Criteria of a rule can be as follows:

  • Users and groups

  • Certain words or phrases (morphology) on web pages

  • Category of a website

  • URL

  • Zone and IP address of the source

  • Zone and IP addresses of the destination

  • MIME type of content

  • Time

  • User browser useragent

  • HTTP-method

Important! Rules are applied from top to bottom in the same order as they are displayed in the console. The system always applies only the first rule for which all criteria are met. This means that the most specific rules must be in the upper part of the list, while the broader rules must be in the bottom. If you want to change the order of rules, use the Up/Down buttons.

Important! If no rules have been created, then all content will be allowed.

Important! The rule will be applied only when all its specific conditions are met. The Negate checkbox makes the condition opposite to the initial condition, i.e. corresponds to logical negation (NOT).

To create a new content filtering rule, click Add in the Network policies--> Content filtering section and specify the following parameters.

Name

Description

Enabled

Enables or disables a rule

Name

Rule name

Description

Description of a rule

Action

Deny - blocks the web page

Warning - notifies a user that a web page they are trying to access is unwanted. The user will decide on their own whether to access the page or not. Each web page view is logged

Allow - allows the traffic

Enable logging

Logs information about rule triggered.

Check by UserGate antivirus

Applicable to the Deny rules only, i.e. if a web page is infected, the entire web resource will be blocked. If a rule contains additional conditions (categories, time, etc.), then the virus scan will be performed only when all criteria in the rule are met.

Check by Heuristic antivirus

Applicable to the Deny rules only, i.e. if a web page is infected, the entire web resource will be blocked. If a rule contains additional conditions (categories, time, etc.), then the anti-virus scan will be performed only when all criteria in the rule are met. Heuristic virus check may require higher performance system.

Scenarios

It indicates a scenario that must be active for applying the rule. For more details on scenarios, please refer to Scenarios.

Important! A scenario represents an additional condition. If the scenario is not activated (i.e. one or more its triggers are not launched), the rule will not be applied.

Blocking page

Specifies the blocking page that will be shown to users when a web resource they are trying to access is prohibited. You can either use an external page by selecting Use external URL or specify the UserGate's blocking page. In this case, you can select an existing template of the blocking page or create a new one in Libraries-->Response pages.

Source

A source zone and/or a list of source IP addresses for the traffic.

Destination

A destination zone and/or a list of destination IP addresses for the traffic.

Users

List of users and groups of users to which this rule will be applied. You can add users of the Any, Unknown, Known type. To apply rules to individual users or user of the Known type, make sure to set up authentication properly. For more details on user identification, please refer to the Users and devices chapter.

Categories

List of categories from UserGate URL filtering 3.0. Note that you will need the corresponding license in order to use categories. UserGate URL filtering 3.0 is the largest database of web resources split into 73 categories for your convenience. Network administrators can efficiently manage access to unwanted web resources, such as pornography, malicious websites, online casinos, gambling websites, social media, and more.

Important! Beginning from version UserGate 5.0.7 administrator can override category for any website, if site is not categorized or categorized incorrectly. For more details please refer to Requests to a white list.

Important! Blocking by URL categories can be applied to the HTTPS traffic without decrypting it.

URLs

Lists of URLs. If you have the corresponding license, UserGate will provide you with the regularly updated lists of URLs, such as "UserGate black list", "UserGate white list", "List of prohibited websites according to some national laws", "Black list of phishing websites", and "Search engines without safe search". Network administrators can also create their own lists of URLs. For more details on how to work with lists of URLs, please refer to Libraries-->URL lists.

Important! Blocking by URL lists can be applied to the HTTPS traffic without decrypting it, provided that the lists contain only host (domain) names.

MIME-types

Lists of MIME types. Network administrators can manage video content, audio content, images, executables, and more. Network administrators can also create their own groups of MIME types. For more details on how to work with MIME types, please refer to Content types.

Morphology

List of morphology dictionaries for web page checks. If you have the corresponding license, UserGate will provide you with the list of various dictionaries, such as "Suicide", "Terrorism", "Pornography", "Profanity", "Gambling", "Drugs", and other. The dictionaries are available in English, German, Russian, Japanese and Arabic.

Network administrators can also create their own dictionaries. For more details on how to work with morphological dictionaries, please refer to Morphology.

Time

Time period when the rule will be active. Network administrators can add necessary time intervals in Libraries-->Time sets.

Useragent

Useragent of user browsers for which a given rule will be applied. Administrators can add all necessary Useragents as described in the Useragents section.

HTTP method

For HTTP requests, the system usually applies POST or GET methods.

Referrers

A list of URLs with the referrers for the current page. The corresponding rule will be triggered when the referrer of a given page is found on this list. This functionality is useful for allowing access to certain websites in CDNs (Content Delivery Networks) while prohibiting direct access to CDN content.