Chapter 27 Content Filter
ZyWALL ATP Series User’s Guide
506
• Restrict Web Features
The Zyxel Device can disable web proxies and block web features such as ActiveX controls, Java
applets and cookies.
• Customize Web Site Access
You can specify URLs to which the Zyxel Device blocks access. You can alternatively block access to
all URLs except ones that you specify. You can also have the Zyxel Device block access to URLs that
contain particular keywords.
Content Filtering Configuration Guidelines
When the Zyxel Device receives an HTTP request, the content filter searches for a policy that matches
the source address and time (schedule). The content filter checks the policies in order (based on the
policy numbers). When a matching policy is found, the content filter allows or blocks the request
depending on the settings of the filtering profile specified by the policy. Some requests may not match
any policy. The Zyxel Device allows the request if the default policy is not set to block. The Zyxel Device
blocks the request if the default policy is set to block.
External Web Filtering Service
When you register for and enable the external web filtering service, your Zyxel Device accesses an
external database that has millions of web sites categorized based on content. You can have the Zyxel
Device block, block and/or log access to web sites based on these categories.
HTTPS Domain Filter
HTTPS Domain Filter works with the Content Filter category feature to identify HTTPS traffic and take
appropriate action. SSL Inspection identifies HTTPS traffic for all Security Service traffic and has higher
priority than HTTPS Domain Filter. HTTPS Domain Filter only identifies keywords in the domain name of an
URL and matches it to a category. For example, if the keyword is 'picture' and the URL is http://
www.google.com/picture/index.htm, then HTTPS Domain Filter cannot identify 'picture' because that
keyword in not in the domain name 'www.google.com'. However, SSL Inspection can identify 'picture' in
the URL http://www.google.com/picture/index.htm.
Keyword Blocking URL Checking
The Zyxel Device checks the URL’s domain name (or IP address) and file path separately when
performing keyword blocking.
The URL’s domain name or IP address is the characters that come before the first slash in the URL. For
example, with the URL
www.zyxel.com.tw/news/pressroom.php
, the domain name is
www.zyxel.com.tw
.
The file path is the characters that come after the first slash in the URL. For example, with the URL
www.zyxel.com.tw/news/pressroom.php
, the file path is
news/pressroom.php
.
Since the Zyxel Device checks the URL’s domain name (or IP address) and file path separately, it will not
find items that go across the two. For example, with the URL
www.zyxel.com.tw/news/pressroom.php
,
the Zyxel Device would find “tw” in the domain name (
www.zyxel.com.tw)
. It would also find “news” in
the file path (
news/pressroom.php
) but it would not find “tw/news”.