Chapter 10 HTTP and FTP filtering
Note: WinRoute provides only tools for filtering and access limitations. Decisions on which websites and files will be blocked must be made by the administrator (or another qualified person).
10.1 Conditions for HTTP and FTP filtering
For HTTP and FTP content filtering, the following conditions must be met:
1.Traffic must be controlled by an appropriate protocol inspector.
An appropriate protocol inspector is activated automatically unless its use is denied by traffic rules. For details, refer to chapter 6.3.
2.Connections must not be encrypted. SSL encrypted traffic (HTTPS and FTPS proto- cols) cannot be monitored. In this case you can block access to certain servers using traffic rules (see chapter 6.3).
3.FTP protocols cannot be filtered if the secured authentication (SASO) is used.
4.Both HTTP and FTP rules are applied also when the WinRoute’s proxy server is used (then, condition 1 is irrelevant). However, FTP protocol cannot be filtered if the parent proxy server is used (for details, see chapter 5.5). In such a case, FTP rules are not applied.
5.If the proxy server is used (see chapter 5.5), It is also possible to filter HTTPS servers (e.g. https://secure.kerio.com/). However, it is not possible to filter individual objects at these servers.
10.2 URL Rules
These rules allow the administrator to limit access to Web pages with URLs that meet cer- tain criteria. They include other functions, such as filtering of web pages by occurrence forbidden words, blocking of specific items (scripts, active objects, etc.) and antivirus switch for certain pages.
To define URL rules, go to the URL Rules tab in Configuration → Content Filtering → HTTP Policy.
Rules in this section are tested from the top of the list downwards (you can order the list entries using the arrow buttons at the right side of the dialog window). If a requested URL passes through all rules without any match, access to the site is allowed. All URLs are allowed by default (unless denied by a URL rule).
Note: URLs which do not match with any URL rule are available for any authenticated user (any traffic permitted by default). To allow accessing only a specific web page group
