| |
You can have ICS perform URL filtering to block specific URLs or always allow them to be vended. You can create your own Never Allow and Always Allow list, and you can subscribe to one or more cooperating filter services and use their lists.
Filter service providers evaluate URLs based on categories like violence, language, adult content, etc. Each of the categories has two or more threshold values. For example, the violence category thresholds might include No Violence, Some Conflict, Fighting, Blood and Gore, and Wanton Violence. Content is filtered (blocked) if its rating exceeds a specified threshold level for the category. Content can also be explicitly allowed if its rating is equal to or lower than a specified threshold for the category being considered.
To set up a filtering service on the ICS appliance
Subscribe to a cooperating filter service.
Once subscribed you will receive a download URL, an account name, and an account password.
In the browser-based tool, click Cache > Filtering > Insert under Service List.
In the Insert Filter Service dialog box, fill in the following fields:
Service Name: A name with no spaces or special characters that you use for the filter service.
Configuration File URL: The URL you received when you subscribed to the filter service.
Account Name: The account name you received when you subscribed to the filter service.
Account Password: The password you received when you subscribed to the filter service. This appears as clear text in the box, but it will be transmitted over the wire using HTTPS.
Click OK.
Ensure that Enable is checked and then click Apply.
This turns on the service for downloading and turns on filtering once the service is downloaded.
A filtering service is scheduled for its first download when you check Enable and click Apply. If you want to view or modify the schedule, or any of the attributes of the filtering service, select the intended list and click Modify.
You can change any of the original values you set when you created the service list item and you can specify the frequency of downloads as well as view or change when the next download will occur.
It is a good idea to schedule filter downloads for off-peak times on your network.
When filtering is enabled, ICS handles requested pages in one of three ways:
Filter service providers use different schemas for presenting content filtering control. You will see two types of threshold values for a category as shown in the following table.
| Schema Type | Category | Threshold Values |
|---|---|---|
Multiple threshold values |
Badness |
Horrible Worse Bad Good |
Two threshold values |
Badness |
True False |
When you create a red flag, you are specifying the threshold value that, if exceeded, causes the page to be blocked.
If, in the multivalued example above, badness has a red flag threshold of bad, then pages rated worse or horrible for this category are blocked.
If, in the two-valued example above, you specified the badness threshold to be false, then all pages that have the threshold of true for badness are blocked, because they exceed the threshold level specified.
When you create a green flag, you are specifying the threshold value that, if met or below, specifically allows the page to be vended.
If, in the multivalued example above, badness has a green flag threshold of bad, then all pages that are good or bad are specifically allowed to be vended.
If, in the two-valued example above, badness has a green flag threshold of false, then pages rated false for badness are specifically allowed to be vended.
NOTE: Green flags are processed before red flags. Once a green flag is identified, the page is immediately vended even if a red flag would have prevented vending of the page.
If you want any unrated content blocked for a specific category, check Block Unrated for the category that has a red flag type.
You can create an override list of URLs that should be either Always Vended or Never Vended. The override list always takes precedence over any conditions specified in the filtering services described above.
To add entries to the override list, do the following:
In the browser-based management tool, click Cache > Filtering > Insert under Override List.
Enter the URL or IP address mask you want to add to the list.
You can use wild card characters to limit or broaden the effect.
From the Allow drop-down list, select Always or Never.
Always will always vend the page; Never will never vend the page.
The override list is always processed before the service lists are. A red or green flag in the override list takes precedence over any flags set for the service lists. Green flags are processed in each list prior to red flags. Once a green flag is identified, the page is immediately vended.
For more information, see Filtering Tab.
| |