This article focuses on the Content Filtering feature of the Meraki MX Security Appliance. This feature is important because it can be utilized to control the type of content can be reached on the Internet. This is key when an administrator would like to limit the type of content his/her clients can reach.
Meraki MX Security Appliances integrate with Bright Cloud website reputation categories to group certain types of websites. When a user sends a HTTP request out to a website, the traffic will pass through the MX. The MX will try to match the URL against whitelisted/blocked URL rules and then against blocked categories. If there is a match, the MX will apply the correct rule to the client (i.e. forward the traffic out or send a block redirect page to the client).
Category blocking will block all the websites that contain that type of content. URL blocking will block the URL specifically, ranging from the website as a whole, or specific parts of a website. More information on this can be found under the MX Content Filtering page.
In the above example, any content that relates to government will be blocked because the 'Government' category is selected. There is also a Whitelist entry. Whitelisted URL's will be permitted before they are blocked by the Category. In this case, when a client sends a packet matching the URL of "whitehouse.gov/blog", the packet will be forwarded out allowing the user to reach that website even though the 'Government' category is blocked.
Although the URL "whitehouse.gov/blog" can be reached, the client will only be able to reach that URL. If the user tries to reach any other portion of the site that does not begin with that URL, they would be blocked. When very specific URLs are blocked (i.e. more specific than whitehouse.gov), it is advised to test the ability to reach the website. Other portions of that website may be stored in other areas of the web server, and this will cause the page to appear as broken.