Author Archives: WFilter

How to check whether a switch supports port mirroring?

To monitor internet activities of all computers in your network, the WFilter computer shall be connected to a mirroring port of your switch, or install WFilter into a gateway computer.

Some inexperienced users might don’t know whether a switch can support port mirroring. Hence we list how to check whether port mirroring is supported by your switch.

First, check the features list of your switch.

“Port mirroring” is also called as “port SPAN”, “port monitoring”. A port mirroring switch is usually called “a manageable switch” or “managed switch”.
If you can find certain keywords in your switch features list or manual, “port mirroring” is supported.

Example 1: description of cisco 2950.


Example 2: feature list of NETGEAR GS108T.

Second, check switch Web UI to find mirroring options.

Most manageable switches provide you a web UI or console interface for you to change it settings. If you can find “port mirroring” or “port monitoring” options in its Web UI, certainly port mirroring is supported.

Example 1: Web UI of dlink 3226.

Example 2: Web UI of netgear GS748AT.

For more information, please check: Why WFilter can only monitor itself? How to monitor other computers in network?

How to block internet access of guest computers in network?

Guest computers might come and leave for a network. However, unmanaged internet access of guest computers could be a nightmare for your network. Guest computers can consume most of your bandwidth with p2p downloading, and download copyrighted materials or virus which might be harmful.

This tutorial will guide you to setup a default internet blocking policy for guest computers with WFilter 3.3 version.

1. Set a different ip address range for guest computers.

If guest computers share a same ip address range with your existing computers, you won’t be able to recognize them. For management purpose, the guest computers shall be in a different ip address range. For example:

1. Allocate all you existing computers with static ip addresses from “192.168.1.0″ to “192.168.1.200″.

2. In your wireless AP, set the DHCP range from “192.168.1.200″ to “192.168.1.250″.

Now every guest computers(mostly laptops) will get an ip address in range “192.168.1.200 – 192.168.1.250″. Then you can set a blocking policy for them in WFilter.

2. Setup default blocking policies for certain ip ranges.

Now you can setup a default blocking policy for ip address in range “192.168.1.200 – 192.168.1.250″. Every new computers in this ip range will be applied with this default policy.

Please notice: If you can not setup a different DHCP range for guest computers, you also can enable this “default monitoring policy” for new found computers. This feature is for WFilter to automatically configure monitoring and blocking policy when it detects a new computer.

More information, please check “WFilter Enterprise”.

Other related links:

How to
block internet downloading?

How
to monitor internet usage on company network?

Internet
monitoring software for business

How to filter
web surfing?

How
to block websites and restrict internet access?

How
to block HTTPS websites on my network?

 

How WFilter works to block internet connections in network?

How WFilter works to monitor and archive internet activities?

WFilter is an enterprise Internet filtering software program. A business or
organization can implement its Internet communication policy into
WFilter and let it perform the work.
WFilter intercepts, records and monitors Internet behaviors of users
on a network, for the purpose of ensuring policy compliance, or
measurement on job performance in an organization.

A mirroring port replicates the data from other ports or VLAN’s. To monitor all internet activity, WFilter needs to be connected to a mirroring port of your switch.  And the mirroring port shall be configured to mirror your internet traffic.

When connected to a mirroring port, WFilter gets packet copies of all internet traffic, then decodes and saves them into log files. This is how WFilter works to monitor internet usage.

For more information about how to setup port mirroring, please check: WFilter Deployment Examples.
To check whether your port mirroring is properly configured, please check: How to check whether port mirroring is properly configured?
If you don’t have a manageable switch, you need to setup a windows gateway or proxy server to do monitoring, please check: How to monitor internet usage without a manageable switch?

How WFilter works to block internet connections?

Many users had asked: “Since WFilter only handles packet copies and the original packets don’t pass through WFilter machine, how WFilter works to block internet connections?”

Actually, there are two filtering technology: pass-through filtering and pass-by filtering.

With a pass-through filtering solution, packets shall pass through the filtering product; if a packet needs to be blocked, the filtering product just drop it.

However, a pass-by filtering product only handles copies of network packets, it can not hold the original packets. Therefore, it sends RST packets to terminate TCP connections. This is how WFilter works to block connections.

Please notice:

1. Since WFilter needs to send RST packets to block a connection, the “blocking adapter” of WFilter shall be able to access your network. The blocking adapter shall be configured in “System Settings”->”Monitoring Settings” of WFilter.

2. Some switches do not allow outgoing traffic on the mirroring port, if so, you need to setup a separate NIC as the blocking adapter. Even outgoing traffic is allowed on the mirroring port, we recommend you to use a secondary NIC for blocking when you’re managing over 100 computers.  Otherwise, the monitoring adapter will be overloaded.

3. If you have multiple VLANs, the blocking adapter shall belong to a VLAN which can communicate with other VLANs.

4. Sometimes you might need to set “Automatic Metric” of the blocking adapter for windows to recognize this adapter as the primary adapter. Please check this blog topic: Blocking adapter doesn’t work when using two network cards with WFilter.

For more information about difference of the two filtering solutions, please check: What’s the difference between Pass-by filtering and Pass-through filtering?
More details about WFilter filtering technology, please check: WFilter Technologies and Security

How to block Mail.Ru Agent in network?

1. What is the Mail.Ru Agent?


Mail.Ru is the leading Internet portal in Russia in communication and entertainment. Its key product is the biggest communication portal for Russian speaking audience that includes the largest free webmail service, instant messenger Mail.Ru Agent, national social network Moi Mir@Mail.Ru and search engine Poisk@Mail.Ru, Mail.Ru headquarters is in Moscow.


Also Mail.Ru is the leader in online game publishing with over 50 percent market share in Russia. The company is a publisher of more than 100 game titles in Russia, Europe, Asia, including such popular original titles as Troetsarstvie, Legend: Legacy of the Dragons, Allods Online as well as successful international licenses such as Perfect World II, Lord of the Rings Online. Also Mail.Ru owns 50 percent in NIKITA.ONLINE.


This turtorial will guide you to block Mail.Ru Agent in your network.


2. How to block Mail.Ru Agent and Web-Mail.Ru?


2.1. First, add a new Custom Protocol


Because “Mail.Ru Agent” is not in Wfilter default pattern database, you need to add a custom protocol.



            The first pattern:


            Name: Mail.Ru_TCP
            Desc: Mail.Ru_TCP
            Type: TCP SEND
            Offset: 0
            Format: 0
            Content: ^\xef\xbe\xad\xde


            The second pattern:


            Name: Mail.Ru_HTTP
            Desc: Mail.Ru_HTTP
            Type: HTTP SEND
            Offset: 0
            Format: Host
            Content: ^(mra|webagent)\.mail\.ru


              The third pattern:

            Name: Mail.Ru_TCP_2
            Desc: Mail.Ru_TCP_2
            Type: TCP RECV
            Offset: 0
            Format: 0
            Content: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:2041\x0a$


 


2.2. Enable blocking of “Mail.ru Agent” in certain blocking policy.




Apply this blocking policy to certain computers.


 


3. Now Mail.Ru Agent will be completely blocked.




4. Web-Mail.Ru is also blocked.



More information, please check “WFilter Enterprise”.


Other related links:


How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?


 

How to block proxy websites in network?

Even a content filtering product is deployed in your network, some experienced users still can bypass the content filter via proxies.

There are three kinds of proxies:

1). Proxy server

Proxy server provides proxy service for applications to access internet via proxy protocol, including HTTP, FTP., SSL and SOCKS proxy. SOCKS protocol description

2). Proxy Website

A proxy site is a web page which allows you to browse your favorite web sites – even though your access to those web sites might be blocked by a content filter.

3). VPN tunnel service

Online VPN service, for example: tor. Please check this blog for how to block tor.

In this tutorial, I will guide you to block proxy servers and proxy websites.

1. How to block proxy servers?

We can block proxy servers simply by block proxy protocol, such as HTTP, SOCKS.

2 Block proxy websites

2.1 Using website black list to block proxy sites

You can add proxy websites to a website black list to be blocked.

However, since a website black list can not contain all proxy websites, we recommend you to enable “URL keywords filtering” and “Web access rules” to block proxy websites based on our URL database and URL keywords.

2.2 Using URL keywords to block proxy sites

Add “proxy”, “unblock” to “Proxies”. So URLs with certain keywords will be blocked.

2.3 Using “Web access rules” to block proxy sites

Websites in “Proxies” category will be blocked. WFilter already has a default URL database which contains most common websites.

How to block PPStream online video in network?

Many people might eager to know how to block PPS in their network. Because their roommates or family members eat up their bandwidth by using PPS. And the reason why it is hard to block PPS is it can use any random port.


What is PPStream?


PPS (PPStream) is a Chinese peer-to-peer streaming video network software. Since the target user is in Chinese mainland, there is no official English version, and bast majority of channels are from Eastern Asia, mostly Mainland China, Korea, Japan, Hong Kong, Taiwan and Singapore. Channel varieties vary from Chinese movies to Japanese anime, sports channels, as well as American popular TV and films.


It broadcast TV programs stably and smoothly to broadband users. Compared to traditional stream media, PPStream adopts P2P-streaming technology and supports high-volume traffic with tens of thousands of users online at once.


Brief introduction of PPStream protocol


How to block PPStream with the help of WFilter?


1. You need to block to block UDP ports 1024-65534 in your router or firewall.


2. Add a blocking level and enable “Block PPS”.



3. Apply blocking level to the computers you want to block.



4. Blocking events in WFilter.



Check PPStream blocking video at: http://www.youtube.com/watch?v=U2RbOgUEaDQ


You can find how to block P2P traffic and downloading at: How to block P2P traffic and downloading?

How to block BitTorrent traffic in your network?

Some of you might find out that the speed of your network is very slow. Maybe some users were watching movies, there is also another possibility—they might be using some BitTorrent client to download movies and music and software.


A lot of people asked about how to block BitTorrent traffic. Usually when we want to block some software, we would think about block some ports. Actually this might not work in blocking BitTorrent. Because BitTorrent can use any random port.For more details about BitTorrent protocol, please check: BitTorrent protocol.


Now you can block BitTorrent easily with the help of WFilter. I will show you how to block BitTorrent step by step.



How to block BitTorrent with WFilter?



1. First you need to block UDP ports 1024-65534 in your router or firewall.


2. Add a blocking level and enable “Block BitTorrent”



3. Apply blocking level to the computers you want to block.



4. Blocking events in WFilter.



Before blocking, bittorrent had a “down speed” of “155kB/s”.



After blocking, the “down speed” and “up speed” are all ZERO.



Check bittorrent blocking video at:http://www.youtube.com/watch?v=8FFUQ4br-YA


You can find the more about how to block P2P traffic and downloading at How to block P2P traffic and downloading?


 

How can I block tor or other similiar application?

1. What is tor ?

Tor is a system intended to enable online anonymity, composed of client software and a network of servers which can mask information about users’ locations and other factors which might identify them. Use of this system makes it more difficult to trace internet traffic to the user, including visits to Web sites, online posts, instant messages, and other communication forms. It is intended to protect users’ personal freedom, privacy, and ability to conduct confidential business, by keeping their internet activities from being monitored. The software is open-source and the network is free of charge to use.

Since client workstations can use tor to bypass internet filtering, so you may want to block tor traffic in your network.

In this tutorial, we will guide you to block tor traffic with “WFilter
Enterprise 3.3″.

2. How to block tor with Wfilter?

Because tor uses HTTP/TLS to encrypt its traffic, we need to use “HTTPS black/white list” feature of WFilter to filter HTTPS websites to block tor.

First, create a new “HTTPS White List” and add the allowed HTTPS domains in it. As in below figure:


Enable “HTTPS black/white list” in certain blocking level settings.

Finally, apply this blocking policy to certain computers.

3. Now tor will be completely blocked.


Blocking events in WFilter:

More information, please check “WFilter Enterprise”.

Other related links:

How to block
internet downloading?

How
to monitor internet usage on company network?

Internet
monitoring software for business

How to filter web
surfing?

How to block websites and restrict internet access?
How to block HTTPS websites on my network?

How to block windows update in my network?

Sometimes you might want to block automatic windows update on your network without the need to manually configure every workstation.

To block windows update, certain websites in the below list shall be blocked.

  • *.windowsupdate.com
  • *.update.microsoft.com
  • *updates.microsoft.com

You can block certain websites in your firewall to achieve that. In this tutorial, I will guide you to block windows update with “WFilter Enterprise 3.3″.

First, add a website black list and enable it in a certain blocking policy.

In the website black list, you need to add “*.windowsupdate.com” and “*.update.microsoft.com”.

 

Second, apply this blocking policy to certain computers.

 

 

Now, windows update will be completely blocked.

How to add a logo image into WFilter blocking page?

WFilter blocking denial page presents a blocking message to blocked users when a web page is blocked. Sometimes, you may want to add your logo image into WFilter blocking denial page.

This tutorial will guide you to add a logo image with “WFilter Enterprise 3.3″.

1. It is simple to add your logo when you have a website with this image. As you can see in below figures, just click “Add image” and input your logo url when editing a denial page.

2. However, if you don’t have an available website, you need to upload your image file to WFilter “image” directory for WFilter to find it. Please follow below steps:
1). Copy your image file to “www/image” directory of WFilter.
2). Click “Add image” in certain denial page, please notice you need to input full url address of your logo here. For example, if the IP address of WFilter computer is “192.168.1.20″, you need to input “http://192.168.1.20:9090/image/yourlogo” here. Do not use “http://localhost:9090/image/yourlogo”.

Webpage being blocked:

3. If you’re familiar with HTML code, you also can edit the
denial page source manually in “config/Denypage” directory of WFilter.

More information, please check “WFilter Enterprise”.
Other related links:
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?