Category Archives: How to block internet

How to block online file storage websites and file transfer applications?

Online storage solutions provide client applications and webpages for uploading and downloading files to and from their service. To stop business-sensitive data from being uploaded, you may want to block file storage websites and certain kinds of applications.

In this post, I will try to explain the detailed steps with WFilter Enterprise.

First you need to install WFilter and deploy it correctly. Then you can add blocking policies.

1. Block online storage websites.

To block websites by categories, you need to enable “Block webpages by categories” and click “New…” in the dropdown list to create a category filtering rule. Then set “online storage” to “Deny”.

This option enables you to block most online storage websites, including both HTTP and HTTPS sites (e.g. wetransfer.com).

2. Block file transfer applications.

To block file transfer applications, click “edit” in “Applications” of your blocking policy. Then set the relevant protocols in “File transfers” to “Deny”. This option blocks both PC and mobile application clients. The list of supported protocols can be found at WFilter supported protocols list.

Please note that the protocols and websites supported by WFilter cannot cover all file transfer types. If you want to block an application that is not in the supported list, please feel free to contact us. We will add it for you for free.

Also, for complete blocking of file transfers, we recommend enabling the “website whitelist” of WFilter, so that only work-related websites can be accessed. You also need to forbid USB and Bluetooth devices.

 

 

 

How to block facebook video without blocking facebook?

Nowadays, people cannot imagine life without Facebook. However, streaming videos on Facebook can consume a lot of your bandwidth. Sometimes, you may want to block Facebook videos without blocking the entire Facebook website.

WFilter can separate Facebook video traffic from other traffic. We defined a new protocol named “facebook videos”.

This “facebook videos” protocol can block the TLS sites fbcdn-creative-a.akamaihd.net and video.xx.fbcdn.net, which host Facebook streaming.

Steps to setup the blocking policy

1. Edit your blocking policy and click “edit” in “Applications”.

2. Search for “facebook” and set “status” to “deny”.

Done.

WFilter 4.1 added a monitoring by MAC address solution for multiple-segment networks.

What is “by mac address monitoring mode”?

WFilter supports both “by ip address monitoring mode” and “by mac address monitoring mode”.

In “by mac address mode”, WFilter identifies a client device based on its physical MAC address. Even if the IP address of this device changes (either by DHCP or by hand), WFilter can still identify it correctly. So this monitoring mode is useful in DHCP networks.

I recommend choosing the monitoring mode as follows:

  1. If IP addresses are static (or can be static), “by ip address” monitoring mode is recommended.
  2. If IP addresses are dynamic, “by mac address monitoring mode” is recommended for single-segment networks.

2. By MAC address solution for multiple-segment networks

In a multiple-segment network, the core switch (gateway) hides the real MAC addresses of client devices, so the MAC address monitoring mode does not work.

WFilter Enterprise 4.1 includes a program named “MAC Address Collector”. This program can detect and gather the MAC addresses of client devices via SNMP or ARP.

With “MAC Address Collector”, you can monitor by MAC addresses even in a multiple-segment network.

More details and guide documents can be found at: Monitoring by mac addresses solutions

How to monitor and filter internet activities of PPPOE users?

PPPOE is widely used for user authentication and traffic accounting. However, it is a little difficult to monitor and filter PPPOE clients’ internet usage and behavior.

In this example, we will demonstrate how to monitor and filter PPPOE clients with WFilter Free. Please note that only non-encrypted and uncompressed PPPOE traffic is supported. So the first step is to configure your PPPOE server for non-encryption and non-compression.

1. PPPOE server settings

Let’s take Windows 2003 and RouterOS as examples.

1). 2003 Server Configuration

If you are using Windows 2003 Server as the PPPOE server, please follow the steps below to configure it:

In “Properties” of “Routing and Remote Access”, disable “software compression” and “LCP” in the “PPP” tab.

Edit the “remote access policy” for “no encryption” in “Edit Profile”. Note: both of the default policies must be modified.



2). ROS Configuration

If you are using RouterOS as the PPPOE server, please follow these steps to disable compression and encryption:

In the “PPP” tab of “Profiles”, click “Protocols” and disable compression and encryption.
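Why the server must run without compression and encryption can be shown with a small parser. The following is an added example, not WFilter's code: it reads a PPPoE session frame the way any passive monitor has to and reports whether the inner IP addresses are readable. The function names `inspect_frame` and `build_frame` and the sample frames are constructed for illustration.

```python
import socket
import struct

ETH_PPPOE_SESSION = 0x8864          # EtherType of PPPoE session-stage frames
PPP_IPV4 = 0x0021
OPAQUE = {0x00FD: "compressed or MPPE-encrypted datagram",
          0x0053: "ECP-encrypted datagram"}

def inspect_frame(frame: bytes) -> dict:
    """Report what a passive monitor can read from one Ethernet frame."""
    if len(frame) < 22:               # 14 Ethernet + 6 PPPoE + 2 PPP protocol
        return {"visible": False, "reason": "truncated frame"}
    if struct.unpack("!H", frame[12:14])[0] != ETH_PPPOE_SESSION:
        return {"visible": False, "reason": "not a PPPoE session frame"}
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00:
        return {"visible": False, "reason": "unexpected PPPoE header"}
    payload = frame[20:20 + length]
    if len(payload) < 2:
        return {"visible": False, "reason": "empty PPP payload"}
    # Assumes the 2-byte PPP protocol field (no protocol-field compression).
    proto = struct.unpack("!H", payload[:2])[0]
    if proto in OPAQUE:
        return {"visible": False, "session": session_id, "reason": OPAQUE[proto]}
    if proto != PPP_IPV4 or len(payload) < 22:
        return {"visible": False, "session": session_id,
                "reason": f"PPP protocol 0x{proto:04x} not parsed here"}
    ip = payload[2:]                  # inner IPv4 header, readable in clear
    return {"visible": True, "session": session_id,
            "src": socket.inet_ntoa(ip[12:16]),
            "dst": socket.inet_ntoa(ip[16:20])}

def build_frame(session_id: int, proto: int, body: bytes) -> bytes:
    """Constructed sample: Ethernet + PPPoE session header + PPP payload."""
    ppp = struct.pack("!H", proto) + body
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETH_PPPOE_SESSION)
    return eth + struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp

# Constructed IPv4 header using documentation addresses (RFC 5737).
IPV4_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.7"))

if __name__ == "__main__":
    print(inspect_frame(build_frame(7, PPP_IPV4, IPV4_HDR)))
    print(inspect_frame(build_frame(7, 0x00FD, b"\x90\x01" + bytes(20))))
```

With compression or encryption left on, session frames carry PPP protocol 0x00FD or 0x0053 and the client's addresses and URLs are not recoverable from the wire, so per-client policies have nothing to match on.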

2. Monitor PPPOE clients in WFilter

2.1) Choose the internal adapter

Now WFilter is able to parse PPPOE traffic. In this example, we simply install WFilter Free on the Windows 2003 PPPOE server.

You need to choose the internal adapter as the “monitoring adapter” in “System Settings”->”Monitoring Settings” of WFilter.


2.2). Setup client policy

Add a block policy to block web surfing.


Apply this policy to PPPOE clients’ ip ranges


2.3). Check Blocking

PPPOE clients get blocked.

Blocking events in WFilter.

How to block pps streaming movies in iphone and android?

WFilter can block online streaming traffic in your network, even for mobile devices. In this tutorial we will guide you through blocking PPS streaming on iPhone and Android with WFilter 4.0.

Create a “block PPS” policy

Apply this policy to certain devices

Check blocking

PPS on Android is now unavailable.

PPS on iPhone loads indefinitely.

Blocking events in WFilter.

How to block youtube website access of network computers?

Since YouTube video streaming can consume a lot of bandwidth, you might want to block YouTube access during working hours. This tutorial will guide you through setting up an internet policy to block YouTube access at work with WFilter 4.0.

You can block youtube at different levels:

  1. Block youtube access completely.
  2. Block youtube access during working hours.
  3. Block youtube videos, but allow youtube website.

1. Block youtube website completely

You can block YouTube with WFilter’s “Website black list”, as shown in the figure below:


You can also block YouTube by blocking the “Streaming Media” website category. All streaming websites in the WFilter URL database will be blocked.

Access blocked.

Because YouTube also provides HTTPS access, you need to enable an HTTPS black list to block HTTPS access to YouTube.


HTTPS access blocked.

2. Block videos, but allow website access

If you want to allow the YouTube website but block all videos, you can enable the “Block Online HTTP Video and Downloading of Video Files” option.


How to set a redirect denial page in WFilter?

Sometimes you might want to redirect blocked websites to a new URL. To do this, you need to edit the WFilter denial page in source mode.

This tutorial will guide you through configuring a redirect denial page in WFilter.

First, edit a blocking level

Edit a blocking level and create a new denial page. Please don’t forget to list your new URL in the exception list.

Second, edit the denial page in source mode.

A piece of JavaScript code is required:

<script>window.location="http://www.yourwebsite.com/…";</script>

Third, uncheck “view source” and click “Save” to save the settings.

Please note: click “Save” only after unchecking “view source”.

Done. Now all blocked web requests will be redirected to the new URL.

For more information, please check “WFilter Enterprise”.

Other related links:

How to block UDP ports in RRAS windows server 2003?
How to block internet downloading?
How to monitor internet usage on company network?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?

How to track and restrict internet usage in your network?

The internet can benefit a business when used properly, but it is often abused by employees and poses significant liability and security risks:

  1. Internet downloading and malicious websites are harmful to your network.
  2. Online messengers and social network websites are killing your productivity.
  3. P2P programs and IPTV applications can easily consume most of your bandwidth.
  4. Sharing of copyrighted popular music and movies is illegal in most jurisdictions.

Therefore, it is necessary for business administrators to track employees’ internet usage and restrict internet usage in company networks.

Below I list several ways to track and filter internet activity on company networks.

1. Keep a record of internet activities.

To track internet usage, you can set up a mirroring port on your switch and connect an internet monitoring product to this mirroring port to archive all internet activities.

Please check this blog article: How to monitor internet usage on company network?

2. Restrict websites access

  1. Only work-related websites are allowed during work time.
  2. Destructive websites, such as violent and adult sites, shall always be blocked.
  3. Downloading websites shall be blocked to save bandwidth if you are suffering from slow internet speed.

Companies that are very strict about website browsing can implement a website whitelist, so that only websites in the whitelist can be visited.

How to whitelist websites?

3. Block bandwidth consuming protocols

To keep your internet working smoothly, bandwidth-consuming protocols such as P2P downloading and online streaming shall be blocked during working hours.

Please check:

1. How to monitor internet bandwidth?
2. How to block p2p traffic in your network?

How to deploy internet monitoring and filtering in RRAS windows gateway?

Routing and Remote Access is a network service in Microsoft Windows Server 2008, Windows Server 2003, and Windows 2000 Server that can provide network address translation (NAT) for connecting a private network to the Internet. An example network topology is shown below:


Since all internet traffic goes through the RRAS server, it’s very simple for you to monitor and filter internet activities: “just install WFilter on this server.”


The RRAS server has two adapters: the internal NIC and the external NIC. You should be able to see both adapters in the “monitoring adapter settings” of “System Settings”->”Monitoring Settings”.


We recommend choosing the internal NIC as the monitoring and blocking adapter, because you will then be able to monitor, block and report on individual network computers.


However, if you choose the external NIC as the monitoring and blocking adapter, WFilter will treat the whole network as one computer, because the RRAS server translates all subnet IP addresses to its public IP address.


We have noticed that some users prefer to monitor on the internal NIC to save on licenses, because you only need ONE 1-user license to monitor the public IP address. However, we recommend that you do not do this, because this is not how WFilter is designed to work, and there may be an over-blocking issue for some P2P protocols.


 



How to identify computers in WFilter?

WFilter can monitor and filter computers’ internet activities in your network. In WFilter, two monitoring modes are available: “by ip address” and “by MAC address”. In “by ip address” monitoring mode, WFilter identifies a computer based on its IP address, while in “by mac address” monitoring mode it identifies a computer based on its MAC address.

However, if computers’ IP addresses are not fixed in your network, you might have trouble identifying a computer in order to set its monitoring/blocking policy.

This tutorial will introduce several solutions for identifying computers in your network in WFilter.

1. Monitor and block by AD users

Since WFilter can be integrated with Microsoft Active Directory, you don’t need to deal with identifying computers if you have an AD available.

With “account monitoring” enabled, you can set blocking policies based on AD users, regardless of which computers they are using.

Please check this document for more details about “account monitoring”: How to do monitoring based on user accounts?

2. Identify computers by MAC addresses

With “by mac address” monitoring mode, WFilter identifies a computer by its MAC address. A MAC address is assigned by the manufacturer of a network interface card (NIC) and is stored in its hardware. It won’t change unless the NIC hardware is replaced.

When you set a recording policy or blocking policy for a computer in the “user-computer table”, the settings are bound to its MAC address. Even if its IP address changes, the settings will not be lost.

However, “By MAC address” monitoring mode is only available for single-segment networks, because a computer’s MAC address cannot be retrieved when it is located behind a router.

Therefore, in a single-segment network, “by mac addresses” will be a good choice if your ip addresses are dynamic.

3. Identify computers by IP addresses

If your network has multiple segments, you can only use “by ip address” monitoring mode. Therefore, we recommend making IP addresses static in a multi-segment network. If you want to leave the IP addresses dynamic, the only solution left is “Monitor and block by AD users”, as discussed above.

For more information, please check “WFilter Enterprise”.

Other related links:

How to block internet downloading?
How to monitor internet usage on company networks?
Internet monitoring software for business
How to filter web surfing?
How to block websites and restrict internet access?
How to block HTTPS websites on my network?
How to setup ip-mac binding in WFilter?
How to block facebook at work of network computers?