- Blocked website categories: Select the categories you wish to block.
- URL category list size: Select "Top sites only" for higher performance or "Full list" for better coverage. When "Top sites only" is selected, the list of top sites in each of the blocked categories will be cached locally on the appliance. In this mode, client requests for URLs that are not in the top sites list will always be permitted (as long as they are not in the blocklist). If "Full list" is selected, a request for a URL that is not in the list of top sites will cause the appliance to look the URL up in a cloud-hosted database. This may have a noticeable impact on browsing speed when visiting a site for the first time. But the result will be cached locally. Over time, the "Full list" performance should approach the speed of "Top sites" option.
- Web search filtering: Enable this setting to enforce Safesearch for Google, Yahoo!, and Bing for all users in your network. This will not affect SSL/HTTPS searches.
- Block encrypted search: Because Web search filtering cannot block encrypted searches, when it is enabled this option will appear. Enabling Block encrypted search creates a Layer 7 firewall rule that prevents users from accessing encrypted Google sites (with the exception of Gmail). Because Yahoo! and Bing do not use encrypted search. This will prevent users from circumventing Web search filtering by using encrypted Google searches.
- Youtube for Schools: Enables Youtube's 'Youtube for Schools' functionality. This also requires you to enter a Youtube EDU ID. Details on Youtube for Schools can be found at http://support.google.com/youtube/bin/answer.py?hl=en&answer=2592715.
- Blocked URI patterns: Enter specific URI patterns you wish to block, one per line. See below for details on pattern matching.
- Whitelisted URI patterns: Enter specific URI patterns you wish to explicitly allow, one per line. See below for details on pattern matching.
Patterns for blocking or whitelisting specific URLs
Whenever a device on the network accesses a web page, the requested URL is checked against the configured lists to determine if the request will be allowed or blocked.
Pattern matching follows these steps in order:
- Try to match the full URL against either list (blocked vs whitelisted patterns list)
- Remove the protocol and leading "www" from the URL, and check again:
- e.g., foo.bar.com/qux/baz/lol?abc=123&true=false
- Remove any "parameters" (everything following a question mark) and check again:
- e,g., foo.bar.com/qux/baz/lol
- Remove paths one by one, and check each:
- e,g., foo.bar.com/qux/baz, then foo.bar.com/qux, then foo.bar.com
- Cut off subdomains one by one and check again:
- e.g., bar.com, and then .com
- Finally, check for the special catch-all wildcard, *, in either list.
If any of the above steps produces a match, then the request will be blocked or whitelisted as appropriate. The whitelist always takes precedence over the blocklist, so a request that matches both lists will be allowed. If there is no match, the request is subject to the category filtering settings above.
In the example above, the specific (longer) URL is allowed because it is the longest match, whereas any other access to foo.bar.com domain will be blocked.
HTTPS requests can also be blocked, but because the URL in an HTTPS request is encrypted, only the domain URL checks will be performed in the following order:
- * (the special character for catch-all URL)
Once your Active Directory server settings are entered into Dashboard, you can click Refresh LDAP Groups to populate a list of user groups in your domain. You can then select individual groups and apply configured Group policies to them. For information about configuring Group policies, see the Group policies page.