Device Configuration : Protect : Web : Content Filter
Content Filter
Device Configuration > Protect > Web > Content Filter
Web Content Filter menu allows to configure and manage web filtering through the device. It also allows to configure general restrictions for scanning and restricting all the HTTP/HTTPS/FTP traffic. By default, device will not scan HTTP traffic. You can also define the rule to bypass HTTP scanning of the traffic from specific source and destination. If virus scanning is enabled and virus is detected, receiver will receive a notifying message. Similarly, you can define rule to bypass HTTPS scanning based on the web categories.
General Configuration
Use this section to enable the Safe Search feature, caching and Pharming protection useful in filtering Web traffic. You can also configure Custom Denied Message.
Safe Search - This feature allows you to enforce safe searching into your search engines, thus helping you against malicious sites.
Pharming Protection - This feature allows you to stop Pharming by various attacker sites by Domain Name resolution.
Below are the screen elements with their description:
Scanning
Select the type of scanning to be applied.
Available Options:
Single Anti-Virus (Maximum Performance): Traffic will be scanned using the Primary Anti-Virus engine.
Dual Anti-Virus (Maximum Security): Traffic will be scanned using both Anti-Virus Engines, first by Primary and then by the Secondary Engine. This can increase virus detection, but will impact performance.
It is recommended to use Single Anti-Virus engine for scanning for the best balance of Security and Performance.
Content That Could Not Be Scanned
Specify an action to take when the firewall encounters content that could not be scanned.
* Files that cannot be fully scanned because they are encrypted or corrupted may contain undetected threats. Blocking offers the best protection.
Enforce Safe Search
Enable safe search so that web sites containing pornography and explicit sexual content are blocked from the Google, Yahoo, Altavista and Bing search results.
This will be applicable only when access to Porn, Adult Content and Nudity categories are denied in the Web Filter Policy.
Enable Additional Image Filters
Restrict image search results to images with a Creative Commons license.
Enable Pharming Protection
Enable to protect against pharming attacks and direct users to the legitimate websites instead of fraudulent websites.
Pharming attacks require no additional action from the user from their regular web surfing activities. Pharming attack succeeds by redirecting the users from legitimate websites instead of similar fraudulent websites that has been created to look like the legitimate site.
Caching
Enable Caching
When enabled the Web Filter keeps a copy of frequently visited sites to improve performance and reduce bandwidth usage
Force caching for Endpoint updates
Use this option to enable caching of update data for Sophos Endpoints.
* If this option is disabled you may experience network congestion when many endpoints attempt to download updates from the Internet at the same time.
Denied Message
Specify default deny message to be displayed for all the web categories.
Enable Override Default Denied Message to display a customized message for all the web categories.
Denied Message Image
Specify whether the default or custom image should be displayed on the Denied message page.
Warned Message
Specify default warn message to be displayed for all the web categories.
Enable Override Default Warned Message to display a customized message for all the web categories.
Top Image
Specify the image which is to be displayed at the top of the message page.
Dimension of Image should be 125 x 70 pixels and jpg file only.
Bottom Image
Specify the image which is to be displayed at the bottom of the message page.
Dimension of Image should be 700 * 80 pixels and jpg file only.
Preview
Click to view the settings before saving the changes.
HTTP/HTTPS Configurations
The administrator can configure for real time or batch mode scanning of HTTP traffic.
You can configure the maximum file size that can be buffered to the memory for scanning. This will also prevent the unintentional download of virus file hidden in the fragmented files.
Depending on the scanning policy set at the time of deployment through Network configuration Wizard, device will scan HTTP and HTTPS traffic. Enable or disable HTTP and HTTPS scanning from security policy.
Use this section to configure general restrictions for scanning and restricting all the HTTP/HTTPS traffic.
Scan Mode
Specify scanning mode to configure for real time or batch mode scanning for HTTP/HTTPS traffic.
In batch mode, virus scanning will start only after the complete file is downloaded. As complete file is to be downloaded before scanning can start, if the size of the file is large it will take some time.
To avoid the delay, configure scan in real mode if you have to download bulky files.
File Size Threshold
Specify file size threshold (in KB). Files that exceed configured threshold will not be scanned.
Acceptable Range - 1 to25600 KB
Default - 1024 KB
Audio & Video File Scanning
Enable Audio & Video File Scanning for scanning of video and audio streams being downloaded.
Default - Disable
HTTPS Scanning CA
Select the CA for HTTPS Scanning from the available options:
Available Options:
SecurityAppliance_SSL_CA
SecurityApplianceSelf Signed CA
List of custom CAs if added
Default - SecurityAppliance_SSL_CA
Deny Unknown Protocol
Enable to deny traffic that does not follow HTTPS protocol.
Allow Invalid Certificate
If you enable HTTPS scanning, you need to import appliance SSL Proxy certificate in Internet Explorer, Firefox Mozilla or any other browsers for decryption on SSL Inspection otherwise browser will always give a warning page when you try to access any secure site. “Invalid Certificate error” warning appears when the site is using an invalid SSL certificate. Device blocks all such sites.
Enable if you want to allow access to such sites.
FTP Configurations
The administrator can define policies to take the appropriate action based on the protocols. Separate policy can be defined on how to handle SMTP, POP3, FTP and HTTP traffic if infection is detected.
When Device detects a virus, file transfer is stopped and Email message is delivered without the attachment.
Files Greater Than Size
Configure the maximum file size (in KB) for scanning. The files greater than the specified size will not be scanned.
Acceptable Range - 1 to 20480KB
Default – 1024 KB
HTTP Scanning Rules
Apart from mails, virus can infect your network through HTTP downloads also. Define HTTP scanning rules to protect against this. The HTTP Scanning Rules section displays list of all the scanning rules. It also provides option to add a new rule, update the parameters of the existing rules, or delete a rule.
HTTPS Scanning Exceptions
The device allows to bypass the HTTPS scanning for specified web categories. Administrator needs to create an exception rule and include all the web categories which are to be bypassed from HTTPS scanning.
The section displays list of all the configured exception rules. It also provides option to add a new exception rule, update the parameters of the existing rule, and delete the rule.