1-888-77-Kerio
Home » Categories » Kerio Control » Content filtering
Icon Printer Icon Email      Icon Twitter Icon Digg Icon Stumbleupon Icon de.icio.us Icon FaceBook

Configuring the Content Filter

Content filter overview

Watch the Configuring the content filter video.

In the content filter, Kerio Control defines the types of web activities that are allowed by users on your network. The content filter blocks:

This filtering on different network layers is easily configured by a single set of rules.

Here are the main purposes of content filtering:

Prerequisites

  • Traffic must be controlled by the HTTP / FTP / POP3 protocol inspector.

    The HTTP, FTP and POP3 protocol inspectors are activated automatically unless their use is denied by traffic rules.

  • Kerio Control performs URL based filtering for encrypted traffic (HTTPS protocol).

    Learn more in a special article HTTPS filtering specifics.

  • Secured FTP traffic (FTPS, SFTP) cannot be filtered.

  • Content rules are also applied when the Kerio Control's proxy server is used. However, FTP protocol cannot be filtered if the parent proxy server is used. In such case, content rules are not applied.

    Kerio Control does not apply content rules to the reverse proxy traffic.

Configuring content rules

The Content Rules table includes several predefined rules.

Each rule is compound from several parts. Each part is represented with a column in the Content Rules table. Here there are the most important parts of each rule:

  • Detected content defines what types of content to filter.

  • Source is a person or IP address to which the rule applies.

  • Action describes what to do with the selected content.

In the Content Filter table, you can see:

  • Checkboxes which enable/disable rules (1)

  • Short descriptions of each rule (2)

  • Rules are greyed out when they are inactive(3)

    Kerio Control Web Filter or the application awareness feature is inactive on the Content Filter → Applications and Web Categories tab.

  • The default rule allows all content (4)

  • Green color highlights allowing rules (5)

  • Red color highlights denying and dropping rules (6)

  • The rule order is important. Use the arrows to adjust the order of rules. For details, see Ordering rules (7)

  • Color your own rules for clear arrangement (8)

  • More Actions (9) allows you to:

    • Duplicate the highlighted rule

    • Change color of the highlighted rule

    • Change the description the highlighted rule

    • Edit the time range of the highlighted rule

Image

Duplicating content rules

If you want to create a new content rule, try to find a similar one and duplicate it first. Duplicating a rule and adjusting some parameters is quicker than creating the new rule.

Adding new rules

  1. In the administration interface, go to Content Filter.

  2. On tab Content Rules, click Add.

  3. In table, type a name of the rule in the newly created line.

    Image
  4. Double-click the Detected content column and select what type of the content should be filtered (see details in Detecting content).

  5. Double-click the Source column and select users and/or IP addresses.

  6. Double-click the Action column and fill in the dialog box (see details in Setting actions)

  7. (Optional) Set the valid time — you can set a time interval for applying the rule.

    Create time intervals in Definitions → Time Ranges (see article Creating time ranges in Kerio Control) then you can select the time interval in the Content Rules table.

  8. Click Apply.

Detecting content

In the Content Rule - Detected Content dialog box, click:

  • Applications and Web Categories — for pages sorted in the selected categories by the Kerio Control Web Filter and the application awareness for pages sorted in the selected categories by the application detection.

  • File Name — to allow/disable the transfer of the defined file types.

  • URL and Hostname — to type any URL starting with the specified string. It is possible to use wildcards * (asterisk) and ? (question mark).

  • URL Groups — to allow/disable access to a group of web pages.

    For more details, read article Configuring URL groups.

Setting actions

To log all traffic matched with the rule, check Log the traffic. Each log will be written to the Filter log.

The Content Rule - Action dialog varies depending on selected action:

Allow

Traffic allowed. With the allow rule you can create the following types of rules:

  • Skip Antivirus scanning for selected users, IP addresses or host names.

  • Skip Forbidden words filtering for selected users, IP addresses or host names.

  • Do not require authentication for selected users, IP addresses or host names.

The allowing rule

The allowing rule

Deny

User will be redirected to the firewall page with information that access is denied. You can:

  • redirect a user to another page

    It works only for HTTP sites. Blocked HTTPS sites cannot be redirected to another URL, or to the custom denial page. The page will time out for the user.

  • type a deny text

  • send email notification

    The user must have e-mail address configured in Kerio Control

    The user must be authenticated to Kerio Control.

The denying rule

The denying rule

Drop

Access is denied and the user will see the page as unavailable.

Rule order

Kerio Control goes through rules from top to down and stop with the first match. Therefore, order the rules from specific to general. The most general rule, Allow other traffic, is created by default and it is placed at the bottom.

You can change the order with:

  • Arrows placed on the right side of the window

  • Drag&Drop and move rule or more rules with mouse

Unlocking rules

Privileged users can continue to filtered websites if you enable this right for them. Read Setting access rights in Kerio Control for detailed information.

Examples

Adding new URLs for automatic updates

If you start to use a new software with the automatic updates option, you must add a new URL to the content filter:

  1. Go to Content Filter and enable rule Allow automatic updates and MS Windows activation.

    The rule is based on the Automatic Updates URL group.

    The Content Rules tab

    The Content Rules tab

  2. Go to Definitions → URL Groups.

  3. Click Add.

  4. In the Add URL dialog, select Select existing → Automatic Updates.

  5. Type the URL for automatic update.

    You can use *, ? or select Use regular expression and type the URL as regular expression.

Blocking Facebook

If you have a Kerio Control Web Filter license, block Facebook or other social media with the Application awareness.

To deny Facebook, add the following rule:

  1. On the Content Rules tab, click Add.

  2. Type a name of the new rule.

  3. Double-click Detected Content.

  4. In the Content Rule - Detected Content dialog, click Add → URL and Hostname.

  5. Type facebook.com into the Site field.

  6. Check option Also apply to secured connections (HTTPS).

    This option has exceptions written in the HTTPS filtering specifics article.

    The first part of the Detected Content settings

    The first part of the Detected Content settings

  7. Click OK.

  8. In the Content Rule - Detected Content dialog, click Add → URL and Hostname again.

  9. Type www.facebook.com into the Site field.

    The second part of the Detected Content settings

    The second part of the Detected Content settings

  10. Select option Hostname across all protocols.

    Kerio Control sends DNS query and ensures that all IP addresses used by Facebook will be identified.

  11. Click OK.

  12. Double-click Action.

  13. In the Content Rule - Action dialog, select Deny in the Action drop-down menu.

  14. Save the settings.

Test the rule by login to Facebook.

Allowing all content from Samepage.io

If you want to:

  • skip antivirus scanning,

  • skip forbidden words filtering,

  • do not require authentication,

for samepage.io (or another cloud service), follow the next steps:

  1. On the Content Rules tab, click Add.

  2. Type a name of the new rule (All for Samepage).

  3. Double-click Detected Content.

  4. In the Content Rule - Detected Content dialog, click Add → URL and Hostname.

  5. Type samepage.io into the Site field.

  6. Select Also apply to secured connections (HTTPS).

    This option has exceptions written in the HTTPS filtering specifics article.

    The first part of the Detected Content settings

    The first part of the Detected Content settings

  7. Click OK.

  8. Double-click Action.

  9. In the Content Rule - Action dialog, select Allow in the Action drop-down menu.

  10. Select Skip Antivirus scanning.

  11. Select Skip Forbidden words filtering.

  12. Select Do not require authentication.

  13. Save the settings.

Related articles

Application awareness in Kerio Control

Using Kerio Control Web Filter

Blocking inappropriate or explicit content in search results

Eliminating Peer-to-Peer traffic

Filtering web content by word occurrence

Filtering HTTPS connections


comments powered by Disqus