Chapter 16 Content Filtering
USG FLEX H Series User’s Guide
247
The following table describes the labels in this screen.
Table 126 Configuration > Security Service > Content Filter > Web Content Filter> General
LABEL DESCRIPTION
For HTTP(S) traffic scan
Enable Select this check box to have the Zyxel Device block HTTPS web pages using the
cloud category service.
In an HTTPS connection, the Zyxel Device can extract the Server Name Indication
(SNI) from a client request, check if it matches a category in the cloud content filter
and then take appropriate action. The keyword match is for the domain name only.
Enable Block Page Use this field to have the Zyxel Device display a warning page instead of a blank
page when an HTPPS connection is redirected.
Denied Access
Message
Enter a message to be displayed when content filter blocks access to a web page.
Use up to 127 characters (0-9a-zA-Z;/?:@&=+$\.-_!~*'()%,”). For example, “Access to
this web page is not allowed. Please contact the network administrator”.
It is also possible to leave this field blank if you have a URL specified in the Redirect URL
field. In this case if the content filter blocks access to a web page, the Zyxel Device
just opens the web page you specified without showing a denied access message.
Redirect URL Enter the URL of the web page to which you want to send users when their web
access is blocked by content filter. The web page you specify here opens in a new
frame below the denied access message.
Use “http://” or “https://” followed by up to 262 characters (0-9a-zA-Z;/?:@&=+$\.-
_!~*'()%). For example, http://192.168.1.17/blocked access.
For DNS Domain scan
Enable DNS Domain
scan
Select this to have the Zyxel Device inspect DNS queries made by users on your
network.
Blocked Domain This is the URL of the web page to which you want to send users when their web
access is blocked by DNS content filtering. The web page you specify here opens in a
new frame below the denied access message.
Select default to send users to the default web page when their web access is
blocked by DNS content filter.
Select custom-defined to send users to the web page you set when their web access
is blocked by DNS content filter. Use “http://” followed by up to 255 characters (0-9 a-
z A-Z;/?:@&=+$\.-_!~*'()%) in quotes. For example, http://192.168.2.17/blocked
access.
Category Server is
unavailable
Select Pass to allow users to access any requested web page if the external content
filtering database is unavailable.
Select Block to block access to any requested web page if the external content
filtering database is unavailable.
The following are possible causes for the external content filtering server not being
available:
• There is no response from the external content filtering server within the time
period specified in the Content Filter Server Unavailable Timeout field.
• The Zyxel Device is not able to resolve the domain name of the external content
filtering database.
• There is an error response from the external content filtering database. This can be
caused by an expired content filtering registration (External content filtering’s
license key is invalid”).
Select Log to record attempts to access web pages that occur when the external
content filtering database is unavailable.
Collect Statistics Enable to have the Zyxel Device collect content filtering statistics. All of the statistics
are erased if you restart the Zyxel Device or click Flush Data in Security Statistics >
Content Filter.
To Next Page
Loading...
