Filtering

Opendium Web Gateway and UTM analyse each web request in a variety of ways to heuristically categorise it. In addition to analysing unencrypted traffic, encrypted HTTPS traffic will be decrypted, analysed and filtered in real time. The traffic can be restricted based on the categorisation that the system has determined for each web request.

The web filter works on three levels:

  • Categories: This is the primary method of filtering. The system categorises content as it is being accessed and blocks content which is deemed to belong to an unacceptable category according to the user group's settings.
  • Safe Search: The web filter can demand that some search engines, such as Google, enable their strict Safe Search filters, irrespective of the user's own preferences.
  • Overrides: Overrides are used to completely disable parts of the filtering system.

You can choose which categories are blocked, whether to enforce safe search and which overrides are applied on a per-group and per-time period basis. The user groups are arranged in a hierarchical tree, with the root being the Everyone group. This allows global settings to be set in the Everyone group and overridden or augmented by additional settings further down the tree. For example, you could configure the Everyone group to disallow access to online gaming websites, and this would apply to all users. You could then augment this by specifying that everyone in the Students subgroup also cannot access social networking websites except at lunch times.

Categories

Filtering CategoriesIn the Filter Categories subsection of the Web Proxy module, you can configure which categories of website are blocked. There are a selection of predefined categories and we provide regular updates to the criteria used to categorise websites into these categories. You can also create new categories as you see fit, and you can modify the categorisation criteria for both the predefined and user defined categories yourself. For the time being, we will concentrate just on using the predefined categories - refer to the Filtering Categories user guide for more information on altering the categories themselves.

Once you have selected a group, you can use the Add Category button to restrict certain categories. Select the categories you would like to restrict and click Ok and they will appear in the centre column of the page. You will note that each category has a Sensitivity control - we recommend starting with this in the middle to begin with. If you find that too much is being blocked then reduce the sensitivity a bit, and if you find that not enough is being blocked you can try increasing it. If there is just one website that is consistently being miscategorised, you can edit the category itself to exclude that website.

For certain categories, you may want the system to automatically disable a user's web access entirely if they are repeatedly blocked, and this can be achieved by ticking the Disable Users Automatically box and setting the Auto user disable threshold slider appropriately.

Once you are happy with the group's settings, press the Save Configuration button.

As described above, when you place a restriction on a group, this will also be inherited by all its descendent groups, unless explicitly overridden. If you need to override the inherited settings, untick the Inherit box of the setting and adjust it as appropriate. To completely disable a category's filtering, simply turn the sensitivity all the way down.

Safe Search

Safe SearchThe web filter can demand that some search engines, such as Google, enable their strict Safe Search filters, irrespective of the user's own preferences. As with the other filtering settings, this can be done on a per-group basis. To configure this, go to the Safe Search subsection of the Web Proxy module.

Once you are happy with the group's settings, press the Save Configuration button.

As described above, this setting will also be inherited by all the descendent groups, unless explicitly overridden. If you need to override the inherited settings, untick the Inherit box of the setting and adjust it as appropriate.

Overrides

Overrides EditorOverrides can be used to completely disable certain aspects of the filtering system. In general, the main use for this is to disable filtering on certain websites - in effect, whitelisting them. If you have a problem with a website being consistently miscategorised, it is usually better to edit the category and exclude the website from it that way - using an override to disable categorisation will prevent the website being filtered by any category, not just the problematic one.

In the Filter Override Editor you can create an override and give it a descriptive name, such as "Unfiltered Websites". You can also include a descriptive comment explaining what the override is for. Once the override has been created, you can right click on it to add criteria that determines what is included in that override. For example, you can add a number of URIs, or content types that you want to disable filtering on. You can also select exactly which parts of the filtering system is disabled by each entry. Again, you can record a comment for each criterion.

To apply an override to a group, go to the Filter Overrides and Walled Garden. Once you have selected a group, you can use the Add Override button to apply certain overrides. Select the overrides you would like to apply and click Ok and they will appear in the centre column of the page.

As described above, this setting will also be inherited by all the descendent groups, unless explicitly overridden. If you need to override the inherited settings, untick the Inherit box of the setting and adjust it as appropriate.

Time Periods

You will notice that, as you were setting up the categories, safe search and overrides, each setting says "Any Time" next to it. Up until now, all the settings that have been described have remained the same at all times of the day. But what if you want different restrictions placed upon the users at different times of the day or different days of the week? Maybe you would like to restrict access to social networking websites through most of the day, but allow access to them at lunch times?

Web Gateway and UTM have a powerful concept of Time Periods. By default, there is a single time period called "Any Time", but you can create additional time periods that define times that are important to your organisation. For example, you can create a "Lunch Times" period that applies from 12:30 until 13:30 on week days, and a "Weekends" period that applies at the weekend. Please consult the Time Periods user guide for information on how to create and edit time periods.

Once you have created additional time periods, you can display them by pressing the + button in the relevant setting. The right hand column will also display a calendar indicating the current configuration. The settings for the highest priority time period that is enabled and active at any given time determines which settings are used.