Chapter 36 Content Filtering
ZyWALL/USG Series User’s Guide
625
• Restrict Web Features
The ZyWALL/USG can disable web proxies and block web features such as ActiveX controls, Java
applets and cookies.
• Customize Web Site Access
You can specify URLs to which the ZyWALL/USG blocks access. You can alternatively block access
to all URLs except ones that you specify. You can also have the ZyWALL/USG block access to
URLs that contain particular keywords.
Content Filtering Configuration Guidelines
When the ZyWALL/USG receives an HTTP request, the content filter searches for a policy that
matches the source address and time (schedule). The content filter checks the policies in order
(based on the policy numbers). When a matching policy is found, the content filter allows or blocks
the request depending on the settings of the filtering profile specified by the policy. Some requests
may not match any policy. The ZyWALL/USG allows the request if the default policy is not set to
block. The ZyWALL/USG blocks the request if the default policy is set to block.
External Web Filtering Service
When you register for and enable the external web filtering service, your ZyWALL/USG accesses an
external database that has millions of web sites categorized based on content. You can have the
ZyWALL/USG block, block and/or log access to web sites based on these categories.
HTTPS Domain Filter
HTTPS Domain Filter works with the Content Filter category feature to identify HTTPS traffic and
take appropriate action. SSL Inspection identifies HTTPS traffic for all UTM traffic and has higher
priority than HTTPS Domain Filter. HTTPS Domain Filter only identifies keywords in the domain
name of an URL and matches it to a category. For example, if the keyword is 'picture' and the URL
is http://www.google.com/picture/index.htm, then HTTPS Domain Filter cannot identify 'picture'
because that keyword in not in the domain name 'www.google.com'. However, SSL Inspection can
identify 'picture' in the URL http://www.google.com/picture/index.htm.
Keyword Blocking URL Checking
The ZyWALL/USG checks the URL’s domain name (or IP address) and file path separately when
performing keyword blocking.
The URL’s domain name or IP address is the characters that come before the first slash in the URL.
For example, with the URL www.zyxel.com.tw/news/pressroom.php
, the domain name is
www.zyxel.com.tw
.
The file path is the characters that come after the first slash in the URL. For example, with the URL
www.zyxel.com.tw/news/pressroom.php
, the file path is news/pressroom.php.
Since the ZyWALL/USG checks the URL’s domain name (or IP address) and file path separately, it
will not find items that go across the two. For example, with the URL www.zyxel.com.tw/news/
pressroom.php, the ZyWALL/USG would find “tw” in the domain name (www.zyxel.com.tw). It
would also find “news” in the file path (news/pressroom.php
) but it would not find “tw/news”.
To Next Page
Loading...
