To filter websites for local network clients, you have several options.
- First, check the features of your internet router/gateway. If you have a powerful router/gateway, you can do monitoring/filtering directly in the router itself.
- You can also try pass-by filtering software. For example, with WFilter internet content filter, setting up a mirroring port on your switch gives you powerful internet monitoring and filtering through the WFilter program.
WFilter is a Windows software program. You can install it on any Windows PC; when the WFilter PC is connected to the mirroring port of your switch, you will be able to monitor/filter all network clients.
In WFilter, you can set up internet filtering (application control) and website filtering policies.
You can also block websites by category; for example, porn/malicious/streaming sites can all be blocked with one click.
This post demonstrates the steps to block website categories for network clients with WFilter internet content filter (WFilter ICF 4.1).
WFilter contains an integrated URL database, which includes about 60 website categories. With the website category filtering feature, you can block certain categories with a few clicks. This feature is also available in WFilter NG firewall.
1. Add a new blocking policy
Create a new blocking policy in “Policy Settings” -> “Blocking Levels”. In “Category”, check “Block webpages by categories”, then click “New…” in the dropdown list.
2. Block certain categories.
To block a website category, you simply need to set “Access Policy” to “Deny”. In this example, we set “Sexual” sites to “Deny”.
3. Apply this blocking policy.
In “user-device list”, set the default “blocking policy” to the newly added “block websites category” policy, so that the policy applies to all network clients.
4. Check the blocking.
Since Chrome implemented QUIC to serve web requests, it has been a dark period for IT administrators, because a normal web filter won’t work to filter Google/YouTube sites. For more details, see “Why is Google’s QUIC Leaving Network Operators in the Dark?”. A protocol description of QUIC can be found at: https://www.chromium.org/quic
Our team has worked out solutions to block QUIC, so you can get your web filter working again.
For WFilter Enterprise and WFilter Free, you simply need to block UDP port 443 in your router/firewall. Steps to block UDP ports can be found here: http://wiki.wfiltericf.com/Block_udp
For WFilterROS, please check this post: Do not forget to block QUIC to block youtube and other google sites.
Unlike HTTP, HTTPS connections are protected by SSL. To filter HTTPS websites, the web filter must be able to parse SSL handshake packets.
WFilter, in both the enterprise and free editions, supports blocking of HTTPS domains.
In this post, I will show you how to block HTTPS sites with WFilter Free.
1. Enable Websites Black List
As in the figure, enable a website black list, and check “enable for https websites”. Both http and https websites in the black list will be blocked.
2. Sites being blocked.
When an HTTP site is blocked, a denial page appears.
When an HTTPS site is blocked, WFilter simply kills the HTTPS connection, because it is impossible to inject a denial page into an SSL connection.
For more details, please check: WFilter Free – Free web filter software for network, network web filter software for business, network internet filter software for business…
1. Add a “block facebook” policy.
2. Create a new website black list.
3. Define ip ranges to be blocked.
4. Visit facebook to check.
HTTPS access to facebook is also blocked.
This tutorial will guide you to block google images with WFilter.
First, enable “URL Keywords Filtering” in a blocking level.
Add a URL filter rule, and add the keyword “imghp” in “Search Engines”.
Second, enable a website black list to block “images.google.*”
Now, google images will be blocked.
Online audio/video streaming can consume most of your bandwidth. To save bandwidth, you might want to block online streaming traffic on your network.
Online streaming can run on different protocols:
- Video websites like youtube. You can watch video directly on the webpages.
- Standard Real Time Streaming Protocol(RTSP).
- P2P based streaming products, like pplive, ppstream.
- Video downloading websites.
Therefore, for complete blocking of online streaming, you need to set up several policies.
1. Block streaming webpages
You can block video webpages by checking “Block Online HTTP Video and Downloading of Video Files” in WFilter.
Step1: Enable this blocking option in blocking level settings.
Step2: Apply this policy to computers.
Step3: Check blocked video webpages
Now video webpages are blocked.
2. Block “Streaming Media” website category
WFilter has a URL database with most common websites. You can block the streaming websites category.
Streaming websites will be blocked.
For more details about WFilter, please check: WFilter Features
Since youtube video streaming can consume a lot of bandwidth, you might want to block youtube access during working hours. This tutorial will guide you to set up an internet policy to block youtube access at work with WFilter 4.0 version.
You can block youtube at different levels:
- Block youtube access completely.
- Block youtube access during working hours.
- Block youtube videos, but allow youtube website.
1. Block youtube website completely
You can block youtube with WFilter’s “Website black list”, as shown in the figure below:
You can also block youtube by blocking the “Streaming Media” website category. All streaming websites in the WFilter URL database will be blocked.
Because youtube also provides HTTPS access, you need to enable an HTTPS black list to block HTTPS access to youtube.
HTTPS access blocked.
2. Block videos, but allow website access
If you want to allow the youtube website but block all videos, you can enable the “Block Online HTTP Video and Downloading of Video Files” option.
Sometimes you might want to block google mail (gmail) access in your network. This tutorial will guide you to block gmail with WFilter.
Google mail (gmail) supports various kinds of access, including:
- Web access via HTTPS protocol.
- SMTP over SSL for sending emails.
- POP over SSL for receiving emails.
- IMAP over SSL for receiving emails.
So for complete blocking of gmail, you need to enable blocking of certain email protocols, and also need to enable “HTTPS black list” to block gmail web access.
1. Block SMTP/POP/IMAP over SSL
Enable blocking of “SMTP over SSL”, “POP over SSL” and “IMAP over SSL” in a blocking policy. These settings will block gmail access from email client programs.
2. Block gmail web access.
Enable “HTTPS black/white list”, and choose “New” to create a new list.
Add “mail.google.com” to the new HTTPS black list.
Now gmail web access is also blocked.
Please note: if the gmail web page is already open before the HTTPS black list is enabled, the current HTTPS session cannot be blocked until you restart your browser.
For more information, please check “WFilter Enterprise”.
WFilter 4.0 version will be released soon after nearly two years of development.
The new version brings many improvements and optimizations to existing features. A series of new features has also been added, such as “WFilter Dashboard”, “Central Management of WFilter servers”, “WFilter Local Account”, “Multi-adapter Monitoring”, and several new alert types. Below is a brief introduction to these new features:
1. WFilter Dashboard
WFilter Dashboard allows you to check the monitoring status, log storage status and system warnings from a central dashboard.
2. WFilter Servers Management
This feature enables you to manage several WFilter servers from a central location.
3. Default IP Policy
The “Default IP Policy” feature enables you to set different policies for different IP ranges. When a new computer is found, its default IP policy will be applied.
4. Search of Network Computers
You can use the “Search Computers” feature to search computers in your network. It’s more convenient than the passive computer finding in the old version.
5. More Alert Types
More alert types are added: disk space alert, new computer alert, ip address changing alert…
6. More Powerful Account Monitoring
WFilter’s “account monitoring” feature can integrate WFilter with your active directory, so you can deploy monitoring based on user accounts. The new version adds the “WFilter local accounts” feature. When you don’t have an available active directory, you can use the “WFilter local account” feature to monitor/filter by user accounts.
6.1 Integrate Active Directory
6.2 WFilter local account
7. Multi-adapters Monitoring
WFilter 4.0 supports monitoring on multiple adapters, to handle complicated networks.